[27548] in CVS-changelog-for-Kerberos-V5


krb5 commit: Simplify kdb5_util create using a null password

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Feb 4 16:54:36 2013

Date: Mon, 4 Feb 2013 16:54:32 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201302042154.r14LsW32028613@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/1c84a94d25d62e4f78c09464f5ef9bd30bbb1e3e
commit 1c84a94d25d62e4f78c09464f5ef9bd30bbb1e3e
Author: Greg Hudson <ghudson@mit.edu>
Date:   Mon Feb 4 14:01:40 2013 -0500

    Simplify kdb5_util create using a null password
    
    kadm5_create_principal now uses a random key if passed a null
    password, so we don't need a multi-step process to create admin
    principals when creating a database any more.

 src/kadmin/dbutil/kadm5_create.c |   37 +++++++------------------------------
 1 files changed, 7 insertions(+), 30 deletions(-)

diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index 567f5f5..40f89a7 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -291,39 +291,16 @@ int add_admin_princ(void *handle, krb5_context context,
         return(ERR);
     }
     ent.max_life = lifetime;
-    ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
+    ent.attributes = attrs;
 
     ret = kadm5_create_principal(handle, &ent,
                                  (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
-                                  KADM5_ATTRIBUTES),
-                                 "to-be-random");
-    if (ret) {
-        if (ret != KADM5_DUP) {
-            com_err(progname, ret, _("while creating principal %s"), fullname);
-            krb5_free_principal(context, ent.principal);
-            free(fullname);
-            return ERR;
-        }
-    } else {
-        /* only randomize key if we created the principal */
-        ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
-        if (ret) {
-            com_err(progname, ret, _("while randomizing principal %s"),
-                    fullname);
-            krb5_free_principal(context, ent.principal);
-            free(fullname);
-            return ERR;
-        }
-
-        ent.attributes = attrs;
-        ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
-        if (ret) {
-            com_err(progname, ret, _("while setting attributes on %s"),
-                    fullname);
-            krb5_free_principal(context, ent.principal);
-            free(fullname);
-            return ERR;
-        }
+                                  KADM5_ATTRIBUTES), NULL);
+    if (ret && ret != KADM5_DUP) {
+        com_err(progname, ret, _("while creating principal %s"), fullname);
+        krb5_free_principal(context, ent.principal);
+        free(fullname);
+        return ERR;
     }
 
     krb5_free_principal(context, ent.principal);
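Review bot: the `NULL` password argument in the new `kadm5_create_principal` call now carries the whole security property of this function and should have a one-line comment at the call site, for example `/* NULL password: kadm5 generates a random key */`. The removed path created the principal with the fixed string "to-be-random" while KRB5_KDB_DISALLOW_ALL_TIX was set, and only restored `attrs` after kadm5_randkey_principal succeeded. With the flag and the randkey step both gone, the admin principals are issued with their final attributes immediately, so the code depends entirely on the library behaviour described in the commit message. Stating that dependency next to the call keeps a later reader from substituting a literal password again. The KADM5_DUP case is still treated as success without touching the existing principal, which matches the old behaviour.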
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
