[36948] in Kerberos
Re: kadm5_hook rename
daemon@ATHENA.MIT.EDU (John Hascall)
Sun May 3 11:41:45 2015
MIME-Version: 1.0
In-Reply-To: <CADCx5Motq0afDLujK3bS2ZGpF396PYOJCjYC3R78kaF2FMEjjg@mail.gmail.com>
Date: Sun, 3 May 2015 10:41:29 -0500
Message-ID: <CADCx5MoK6U3T=-+38FTz4BOddx2HQrXsuGvO3uRU=U+RD6ZHpA@mail.gmail.com>
From: John Hascall <john@iastate.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Well, as long as I'm complaining about omissions in the kadm5_hook
interface,
here's another one
*(looks like my dream of getting rid of a local mod is nowjust swapping a
local mod for a slightly less obnoxious local mod)*.
ret = k5_kadm5_hook_chpass(handle->context, handle->hook_handles,
*handle->current_caller*,
KADM5_HOOK_STAGE_PRECOMMIT,
principal, keepold,
new_n_ks_tuple, new_ks_tuple, NULL);
Because we do bi-directional password sync (MIT KDC <--> WinAD KDC),
we need a way to prevent an endless loop of the same password change going
around and around forever. I'm open to better suggestions, but what we've
used thus far is to look at which principal (handle->current_caller) is
making the
update and if it is the ADsyncer, then the MIT side doesn't send the update
back.
John
On Sat, May 2, 2015 at 10:44 PM, John Hascall <john@iastate.edu> wrote:
> I wasn't exactly sure how you intended the major/minor version numbering
> business to work, but here's a set of patches (based off of 1.13.1) which
> add a rename function to a version 2 of kadm5_hook_vftable:
>
> kadm5_ret_t (*rename)(krb5_context ctx,
> kadm5_hook_modinfo *modinfo,
> int stage,
> krb5_principal source, /* old name */
> krb5_principal target); /* new name */
>
> Are we the only place which makes much use of rename?
>
> John
> ------------------------->8--------- snippy snip
> ---------8<-------------------
> begin 440 kadm5_hook_rename_patches.tgz
> M'XL(`"J6154``^U:ZW/:1A#/U_)7;"<S'5["DD#@X#IC-W433_S(.$Z_:@0Z
> M0$7H-)(@(1G_[]T]22"$>"1V2*:]WR0\Q-W>/NY^>[M)X]GWAZJVU(YAX+M`
> M_EU\UG1#U_1VJZ-VZ'FGTS:>&0?0[=DTC*P`X%G`>;1MW,<18^XA%#HL&D=A
> MT%<<K^].;::,@YZAC"U[8I@CSL>F[TZ'CM<8/6X-55/5=JNU*?Y&$V.=QK_=
> MIGVBM=L='/\T)F['_SS^BJ(`[H"C9`<<T0XX*M@!#1XXPU]T53,455<T#72M
> MJ[6[K69C<89!4=NJ6JK5:GM)3(21/-#T;E/KMHY7A!DH[.P,E+9:;T,-7SMP
> M=E8"J-)?4."5%480C1C,(JOG,O"YXT4L`"L$R_<#[@>.%3$8\``FUC_FC`5=
> M,9.0/(#34]"ZB20.&2UG`R'4U$JU]2GZUBEZ1L=+SXD<RW4^,Z'IA$4C;H?`
> M!QG%ZQ!&W/<=;UBD.HY+M`ZGON\ZS(:)XY$F#8!;/W*X9[D+P1-K#CT&+AM$
> M,/6<Q>IV0[A2:ZGU%M2TEE8W7L3>1!Q5X<*S22F4C$NB[!#%@M:`ZE$)'@K]
> M<E*"4BV:^\QF`S0@F/:CE7&)+TQTTY=2#;TH%JK".43L4T0SR&#'9E[D#.;T
> MF3P2;PYAN,N'0WH\86%H#5DHE!%B^MQ#J?T1GMNJ9TW8259^QN-6*F["[:G+
> M&O$@].69;P76A!X[WH!#P*)IX(7@L8_N'"S7Y7WTOIU,`S&&-!I,<1Q;2.GC
> M2-0*7KG,\G#XU(?>7%@Q0,>7*SC>ZU-\%@LG^L=NPE7-",I5"E*E3*?$1,/(
> M.?6L(U,EJ]7D4V7%7+$X+6VEZEH8RD'`&)Q9J85+U\VX8^.:I.`^:Q8N>>G9
> M#CDH1%NM^`3Z5AA^Y($-3HC;CZ*&T?&&M.UR/D>V'3(:AEK3<1WBB1H$?`+/
> M,^O'@Y@WG;#`(@_FI8P9\[DKEL.=A_(&P#XY840KC]D<I0<L463,_&A-"XPT
> MJ4SS;SY<7=%\,@.G0KB<&J`K^20^/=LBV!^1L)P_DQF%V.+JK?/08;$#MTLG
> M-9!!O+[C6VX]_M[C7.R4Q',[E_',<6A&4]_=8RUTFQE:;A2/A^I>,U<.<1R.
> MXFU&QS@UA@+6#QB=SL:F8(B?'QF,IXB"$+O0W$2>,_&4N9PHS0K'/U<$T@.\
> M&H)K],=@G@W`)J]/Q,B?W^O[;3&;N6S+%@O8A,\>N\6^[KSG#O5^9@2,LN,6
> M,^CG'VG&-K.*KR1Z;$SAE42GV?"<H3<&*."-^?;N#\-\>_[GM6&^N;U]:[Z[
> M^O#Z\@;G_^A+]T^$7/U'7E5"%J"_37&;QLOE8\N_7?6?IG8*ZC^](^N_`V"M
> M_J,=<+2V`[+E7TMIJJ"K72S:6IVUBFVM_"L6N%+]'7>-XZ[6*JS^=,.@\H_>
> MM.:B9-E&,IM&K')-3)454<:(BS3>YA/&S)`+7D*C8!Z7EC'U9#@4OV#J71)1
> M,GN%4&$7L6;FXY79INP=OX<;I^Q.A3E3N?B89UOP4A<@;9(+SAZHW,M0*)@)
> M?;Z_N/O[XLZ\O+F_N+LYOS+?F"9('OTO(.9_U^FEW!_,,@W`1O\IUMC!_[IF
> MZ'G^-YH=3?+_`9#R/^Z`E*J#V5%V!WQ]YV^SK#SK:UU5*V3]IE[O0$V\$N4_
> M3[()_![.0Y</&Z.71%3K;:>8.N.FDY*CUT7K"F;12?9"O'J+%+_FJ7EQW[6M
> MR,*?'RAOB.9DBQ05K]G<E%#Y*8P-T4\JA\YGQ@?EA-LK=?@-4TCE9#D#";><
> MSCH578G*:B(;\HA#GXKXJ7\2&T=`,;B,J,`JY44S1Q-_XDP4-\&2CESEMW@1
> MY>6,EJ]M%Z/O*6;%"A+UZRFH%?BR>(ZYY"_+<9F=-FNIZT4UBL<]98`^C2O+
> M%8.IB96X)+O$BGO)3R=Q:[/]@NX)]*:U1"P>:(OL3-?%V?H;TO+&*F='^BW5
> MOL02+S&YGM]?E&.]T.T+94;*2]IW]51^*C"1D,8Q[F."BE\?J)#*V@YYVZF$
> M_0;;B^\;FVU/;,3C^*.93J((1?D_G`7+"#[!%6!7_:<WFVOUGZ[K,O\?`,7Y
> M/[<#'GL%R(G+WP(Z7;59>`LXUO7Z"ZC1F[::7T4RM+G'DL1`7)]RH,BZ!42?
> M9JPEK28/,DRWN>A:(--0>G]__OK"?'=W\>KV^OKR'OF93X,^DB!NJ2%;Y-<D
> M*5:6HC/JUTJ+Q%E.E+=[IC^-3%%Z)EK7Z2E>&BR[5ZE4BOT0BR_3/_%4OJL'
> M"EQP^_Y^LP]B=9?&Q>W5G'WQ-%&/"X.Z,F$<`FO\_\2]/\+._M_Z__\P.H:L
> M_PZ!`O[?UOO[:O;?VO?3NTV]VVK+OI_L^TE(2$A(2$A(2$A(2$A(2$A(2$A(
> ?2$A(2$A(2$A(2$A(2$A(2$A(2.R/?P'3]3Z0`%```$A(
> `
> end
>
> On Sat, May 2, 2015 at 9:57 AM, John Hascall <john@iastate.edu> wrote:
>
>>
>> Is there a reason why the kadm5_hook interface does not seem to have any
>> support for a principal "rename" operation?
>>
>> John
>>
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
