[1457] in Kerberos_V5_Development
Re: Why can you not rename a random key with the new admin server?
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Wed Jul 31 10:45:44 1996
Date: Wed, 31 Jul 96 10:45:21 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: epeisach@MIT.EDU
Cc: krbcore@MIT.EDU
In-Reply-To: <9607271545.AA26994@kangaroo.mit.edu> (epeisach@MIT.EDU)

In KADM5_VERSION_1, kadm5_rename_principal is explicitly specified to
allow renaming a principal even if it screws the key due to salt; the
functional spec says you should always change the key after renaming a
principal. It is a bug that the code returns an error if the caller
is using VERSION_1, because that differs from previous V1 behavior.

In KADM5_VERSION_2, I think that kadm5_rename_principal should not
exist; it should just return EINVAL or somesuch if called. The
function serves no useful purpose (because principals do not have an
identity, like a uuid, other than their names), and it has all this
complexity with salts etc. The VERSION_2 unit tests do not test
kadm5_rename_principal.

Barry
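
The salt dependence discussed in the message above, as an added example that is not part of the original post or of the kadm5 code: a password-derived key is bound to the default salt (realm followed by the principal's name components), so it stops matching after a rename, while a random key is not derived from the name at all. The function names, the sample principals and the use of the PBKDF2 step alone as a stand-in for string-to-key are assumptions made for illustration.

```python
import hashlib
import os


def default_salt(principal: str, realm: str) -> bytes:
    """Default Kerberos V5 salt: realm, then the name components, no separators.

    Assumption: the principal is given without its realm and contains no
    escaped '/' characters.
    """
    return (realm + "".join(principal.split("/"))).encode()


def string_to_key(password: str, salt: bytes) -> bytes:
    """Stand-in for string-to-key (assumption, not the library routine).

    Uses only the PBKDF2-HMAC-SHA1 step of the AES enctypes; the final key
    derivation step is omitted because it does not change the salt dependence.
    """
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 4096, 32)


def password_key_survives_rename(old: str, new: str, realm: str, password: str) -> bool:
    """Compare the key stored under the old name with what a client derives
    from the same password under the new name's default salt."""
    stored = string_to_key(password, default_salt(old, realm))
    derived_after_rename = string_to_key(password, default_salt(new, realm))
    return stored == derived_after_rename


def random_key_survives_rename(old: str, new: str) -> bool:
    """A random key is just stored bytes (e.g. also held in a keytab); renaming
    the database entry does not alter them, and no salt is involved."""
    database = {old: os.urandom(32)}      # constructed sample entry
    keytab_copy = database[old]
    database[new] = database.pop(old)     # the rename itself
    return database[new] == keytab_copy


if __name__ == "__main__":
    realm = "EXAMPLE.COM"                 # constructed sample realm
    print(default_salt("alice/admin", realm))
    print("password key usable after rename:",
          password_key_survives_rename("alice", "alicia", realm, "correct horse"))
    print("random key usable after rename:",
          random_key_survives_rename("host/old.example.com", "host/new.example.com"))
```
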