[30887] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.18]: Set lockdown attribute when creating LDAP KDB
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Nov 3 13:15:19 2020
Date: Tue, 3 Nov 2020 13:15:04 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202011031815.0A3IF4r2007938@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/53133fd6aa41a709e438e8d71eb39475044bc0da
commit 53133fd6aa41a709e438e8d71eb39475044bc0da
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Aug 10 12:44:21 2020 -0400
Set lockdown attribute when creating LDAP KDB
In kdb5_ldap_util, set lockdown_keys on the special principals when
creating an LDAP KDB, as we do in kdb5_util when creating a regular
KDB.
(cherry picked from commit 6cdf7d82e74f21fb8a37efe6b1bba45744f891ba)
ticket: 8936
version_fixed: 1.18.3
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index c21d199..94d58ed 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -1337,7 +1337,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
now, &db_create_princ)))
goto cleanup;
- entry.attributes = pblock->flags;
+ entry.attributes = pblock->flags | KRB5_KDB_LOCKDOWN_KEYS;
entry.max_life = pblock->max_life;
entry.max_renewable_life = pblock->max_rlife;
entry.expiration = pblock->expiration;
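Review bot: The OR with KRB5_KDB_LOCKDOWN_KEYS on the entry.attributes line is unconditional, so every principal created through kdb_ldap_create_principal gets the flag whatever the caller put in pblock->flags. The commit message limits the intent to the special principals created with a new LDAP KDB, but nothing in the hunk says so. A short comment above the assignment stating that this function is only used for those principals would keep a later caller from inheriting lockdown_keys by accident. The diffstat shows one file changed and no test, so a check that the special principals carry the attribute after realm creation would be worth adding. The change also touches only the creation path: realms created before it keep their old attributes, which deserves a line in the release notes for 1.18.3.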
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5