[1946] in Moira Commits
/svn/moira r4085 - trunk/moira/reg_svr
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Mon Nov 5 13:53:20 2012
Date: Mon, 5 Nov 2012 13:53:13 -0500
From: Garry Zacheiss <zacheiss@MIT.EDU>
Message-Id: <201211051853.qA5IrDB1014860@drugstore.mit.edu>
To: moira-commits@MIT.EDU
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: zacheiss
Date: 2012-11-05 13:53:12 -0500 (Mon, 05 Nov 2012)
New Revision: 4085
Modified:
trunk/moira/reg_svr/kerberos.c
Log:
Set requires_preauth and disallow_svr on newly created principals.
Modified: trunk/moira/reg_svr/kerberos.c
===================================================================
--- trunk/moira/reg_svr/kerberos.c 2012-11-02 03:19:52 UTC (rev 4084)
+++ trunk/moira/reg_svr/kerberos.c 2012-11-05 18:53:12 UTC (rev 4085)
@@ -153,7 +153,8 @@
(void) kadm5_free_policy_ent(kadm_server_handle, &defpol);
}
- mask |= KADM5_PRINCIPAL;
+ mask |= KADM5_PRINCIPAL | KADM5_ATTRIBUTES;
+ princ.attributes |= KRB5_KDB_REQUIRES_PRE_AUTH | KRB5_KDB_DISALLOW_SVR;
status = kadm5_create_principal(kadm_server_handle, &princ, mask, password);
cleanup:
