From be3836d4ca27c3c8e21db24ecb38fe6099fff195 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Thu, 27 Dec 2018 16:42:36 +1100
Subject: [PATCH] Revert "kadmin: do not assign passwords at realm initialization"
This reverts commit 83def5bc18251f474ea09f1f49e4c0a207c85458. Not passing all tests, will resubmit as pull request.
---
 kadmin/init.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/kadmin/init.c b/kadmin/init.c
index 47201424e..20ed93216 100644
--- a/kadmin/init.c
+++ b/kadmin/init.c
@@ -52,6 +52,11 @@ create_random_entry(krb5_principal princ,
 krb5_keyblock *keys;
 int n_keys, i;
 char *name;
+ const char *password;
+ char pwbuf[512];
+
+ random_password(pwbuf, sizeof(pwbuf));
+ password = pwbuf;
 ret = krb5_unparse_name(context, princ, &name);
 if (ret) {
@@ -71,14 +76,14 @@ create_random_entry(krb5_principal princ,
 mask |= KADM5_MAX_RLIFE;
 }
 ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
- mask |= KADM5_ATTRIBUTES | KADM5_KEY_DATA;
+ mask |= KADM5_ATTRIBUTES;
- /* Create the entry with no keys or password */
- ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask);
+ /* Create the entry with a random password */
+ ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
 if(ret) {
 if (ret == KADM5_DUP && (flags & CRE_DUP_OK))
 goto out;
- krb5_warn(context, ret, "create_random_entry(%s): create failed",
+ krb5_warn(context, ret, "create_random_entry(%s): randkey failed",
 name);
 goto out;
 }
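Review bot: `pwbuf` receives the generated plaintext password and nothing visible in this hunk clears it, so the value would stay on the stack after `create_random_entry` returns. The function body continues outside the hunk and exits through an `out:` label (the target of the `goto out` lines), so the wipe belongs there. It should be one the compiler cannot elide, for example `memset_s(pwbuf, sizeof(pwbuf), 0, sizeof(pwbuf));` if the tree's portability layer provides it. As a style point, the `password` alias adds nothing over passing `pwbuf` directly to `kadm5_create_principal`.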
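Review bot: The warning on the failure path of `kadm5_create_principal` now reads "randkey failed", which attributes a create failure to a key-randomisation step and will mislead whoever reads the realm-initialisation log. The revert could keep the accurate text, `"create_random_entry(%s): create failed"`, without affecting the rest of the change. Separately, the entry is now created with password-derived keys and relies on `KRB5_KDB_DISALLOW_ALL_TIX` (set a few lines above) until they are replaced, presumably later in the function, outside this hunk. A comment at the create call saying the password is a throwaway and the principal stays locked until then would record that invariant.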