Revert "kadmin: do not assign passwords at realm initialization"
authorLuke Howard <lukeh@padl.com>
Thu, 27 Dec 2018 05:42:36 +0000 (16:42 +1100)
committerLuke Howard <lukeh@padl.com>
Thu, 27 Dec 2018 05:42:36 +0000 (16:42 +1100)
This reverts commit 83def5bc18251f474ea09f1f49e4c0a207c85458. Not passing all
tests, will resubmit as pull request.

kadmin/init.c

index 47201424e94df3f201a8e2aa3648fde9204d1053..20ed93216f9b55aa05a057c9f6ae201e2f8e94e0 100644 (file)
@@ -52,6 +52,11 @@ create_random_entry(krb5_principal princ,
     krb5_keyblock *keys;
     int n_keys, i;
     char *name;
+    const char *password;
+    char pwbuf[512];
+
+    random_password(pwbuf, sizeof(pwbuf));
+    password = pwbuf;
 
     ret = krb5_unparse_name(context, princ, &name);
     if (ret) {
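Review bot: `pwbuf` holds the plaintext initial password for the principal on the stack, and nothing in this hunk clears it once `kadm5_create_principal()` has consumed it. The body of `create_random_entry` continues past the hunk, so the `out:` path may already wipe it. If it does not, clear the buffer on every exit path with a call the compiler cannot elide, for example `memset_s(pwbuf, sizeof(pwbuf), 0, sizeof(pwbuf));`. As a smaller style point, the `password` alias is only ever assigned `pwbuf`, so passing `pwbuf` directly would remove one more pointer to the secret.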
@@ -71,14 +76,14 @@ create_random_entry(krb5_principal princ,
        mask |= KADM5_MAX_RLIFE;
     }
     ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
-    mask |= KADM5_ATTRIBUTES | KADM5_KEY_DATA;
+    mask |= KADM5_ATTRIBUTES;
 
-    /* Create the entry with no keys or password */
-    ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask);
+    /* Create the entry with a random password */
+    ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
     if(ret) {
        if (ret == KADM5_DUP && (flags & CRE_DUP_OK))
            goto out;
-       krb5_warn(context, ret, "create_random_entry(%s): create failed",
+       krb5_warn(context, ret, "create_random_entry(%s): randkey failed",
                  name);
        goto out;
     }