krb5 commit: Rename master_kdc and iprop_master_ulogsize

Greg Hudson ghudson at mit.edu
Mon Sep 7 13:35:30 EDT 2020


https://github.com/krb5/krb5/commit/91596ae028cf458b61c03c13dee8c0b7039b8d76
commit 91596ae028cf458b61c03c13dee8c0b7039b8d76
Author: Greg Hudson <ghudson at mit.edu>
Date:   Sat Jul 11 21:47:08 2020 -0400

    Rename master_kdc and iprop_master_ulogsize
    
    Use "primary_kdc" and "iprop_ulogsize" as the preferred names of the
    two relations.  Fall back to the old keys if the new ones are not set.
    
    ticket: 8921

 doc/admin/conf_files/kdc_conf.rst  |    9 +++++++--
 doc/admin/conf_files/krb5_conf.rst |    8 ++++++--
 src/include/k5-int.h               |    2 ++
 src/include/krb5/locate_plugin.h   |    3 ++-
 src/lib/kadm5/alt_prof.c           |   25 +++++++++++++------------
 src/lib/krb5/krb/t_krb5.conf       |    2 +-
 src/lib/krb5/os/locate_kdc.c       |   17 +++++++++++------
 src/util/profile/krb5.conf         |    2 +-
 src/util/profile/profile.5         |    4 ++--
 9 files changed, 45 insertions(+), 27 deletions(-)

diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
index 0ca3d86..7b1b9fc 100644
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -222,10 +222,15 @@ The following tags may be specified in a [realms] subsection:
     (Boolean value.)  Specifies whether incremental database
     propagation is enabled.  The default value is false.
 
-**iprop_master_ulogsize**
+**iprop_ulogsize**
     (Integer.)  Specifies the maximum number of log entries to be
     retained for incremental propagation.  The default value is 1000.
-    Prior to release 1.11, the maximum value was 2500.
+    Prior to release 1.11, the maximum value was 2500.  New in release
+    1.19.
+
+**iprop_master_ulogsize**
+    The name for **iprop_ulogsize** prior to release 1.19.  Its value is
+    used as a fallback if **iprop_ulogsize** is not specified.
 
 **iprop_replica_poll**
     (Delta time string.)  Specifies how often the replica KDC polls
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 9e831d4..e4e2443 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -515,12 +515,16 @@ following tags may be specified in the realm's subsection:
     host will be tried.
 
 **master_kdc**
+    The name for **primary_kdc** prior to release 1.19.  Its value is
+    used as a fallback if **primary_kdc** is not specified.
+
+**primary_kdc**
     Identifies the primary KDC(s).  Currently, this tag is used in only
     one case: If an attempt to get credentials fails because of an
     invalid password, the client software will attempt to contact the
     primary KDC, in case the user's password has just been changed, and
     the updated database has not been propagated to the replica
-    servers yet.
+    servers yet.  New in release 1.19.
 
 **v4_instance_convert**
     This subsection allows the administrator to configure exceptions
@@ -1208,7 +1212,7 @@ Here is an example of a generic krb5.conf file::
             kdc = kerberos-1.mit.edu
             kdc = kerberos-2.mit.edu
             admin_server = kerberos.mit.edu
-            master_kdc = kerberos.mit.edu
+            primary_kdc = kerberos.mit.edu
         }
         EXAMPLE.COM = {
             kdc = kerberos.example.com
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index f50cee7..b3e3469 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -228,6 +228,7 @@ typedef unsigned char   u_char;
 #define KRB5_CONF_IPROP_RESYNC_TIMEOUT         "iprop_resync_timeout"
 #define KRB5_CONF_IPROP_REPLICA_POLL           "iprop_replica_poll"
 #define KRB5_CONF_IPROP_SLAVE_POLL             "iprop_slave_poll"
+#define KRB5_CONF_IPROP_ULOGSIZE               "iprop_ulogsize"
 #define KRB5_CONF_K5LOGIN_AUTHORITATIVE        "k5login_authoritative"
 #define KRB5_CONF_K5LOGIN_DIRECTORY            "k5login_directory"
 #define KRB5_CONF_KADMIND_LISTEN               "kadmind_listen"
@@ -280,6 +281,7 @@ typedef unsigned char   u_char;
 #define KRB5_CONF_PLUGINS                      "plugins"
 #define KRB5_CONF_PLUGIN_BASE_DIR              "plugin_base_dir"
 #define KRB5_CONF_PREFERRED_PREAUTH_TYPES      "preferred_preauth_types"
+#define KRB5_CONF_PRIMARY_KDC                  "primary_kdc"
 #define KRB5_CONF_PROXIABLE                    "proxiable"
 #define KRB5_CONF_QUALIFY_SHORTNAME            "qualify_shortname"
 #define KRB5_CONF_RDNS                         "rdns"
diff --git a/src/include/krb5/locate_plugin.h b/src/include/krb5/locate_plugin.h
index d0e8549..7a872a1 100644
--- a/src/include/krb5/locate_plugin.h
+++ b/src/include/krb5/locate_plugin.h
@@ -34,11 +34,12 @@
 
 enum locate_service_type {
     locate_service_kdc = 1,
-    locate_service_master_kdc,
+    locate_service_primary_kdc,
     locate_service_kadmin,
     locate_service_krb524,
     locate_service_kpasswd
 };
+#define locate_service_master_kdc locate_service_primary_kdc
 
 typedef struct krb5plugin_service_locate_ftable {
     int minor_version;          /* currently 0 */
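Review bot: The new `#define locate_service_master_kdc locate_service_primary_kdc` after the enum has no comment, so a reader of this public plugin header cannot tell it is a deprecated alias kept for existing locate plugins. The enumerator keeps its position right after `locate_service_kdc = 1`, so the numeric value passed to plugins appears unchanged; that is worth stating, since out-of-tree plugins use it to decide which servers to return for primary-KDC lookups. Suggest adding above the define: `/* Deprecated pre-1.19 name; same value as locate_service_primary_kdc. */`.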
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 5531a10..d166f0a 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -784,24 +784,25 @@ krb5_error_code kadm5_get_config_params(krb5_context context,
     GET_DELTAT_PARAM(iprop_resync_timeout, KADM5_CONFIG_IPROP_RESYNC_TIMEOUT,
                      KRB5_CONF_IPROP_RESYNC_TIMEOUT, 60 * 5);
 
-    hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
-
-    params.iprop_ulogsize = DEF_ULOGENTRIES;
-    params.mask |= KADM5_CONFIG_ULOG_SIZE;
-
     if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
         params.mask |= KADM5_CONFIG_ULOG_SIZE;
         params.iprop_ulogsize = params_in->iprop_ulogsize;
     } else {
+        params.iprop_ulogsize = 0;
+        hierarchy[2] = KRB5_CONF_IPROP_ULOGSIZE;
         if (aprofile != NULL &&
-            !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
-            if (ivalue <= 0)
-                params.iprop_ulogsize = DEF_ULOGENTRIES;
-            else
-                params.iprop_ulogsize = ivalue;
-            params.mask |= KADM5_CONFIG_ULOG_SIZE;
-        }
+            !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue) &&
+            ivalue > 0)
+            params.iprop_ulogsize = ivalue;
+        hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
+        if (params.iprop_ulogsize == 0 && aprofile != NULL &&
+            !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue) &&
+            ivalue > 0)
+            params.iprop_ulogsize = ivalue;
+        if (params.iprop_ulogsize == 0)
+            params.iprop_ulogsize = DEF_ULOGENTRIES;
     }
+    params.mask |= KADM5_CONFIG_ULOG_SIZE;
 
     GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
                      KRB5_CONF_IPROP_REPLICA_POLL, -1);
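Review bot: In the new else branch, an `iprop_ulogsize` that is present but non-positive, or for which `krb5_aprof_get_int32` returns an error, is handled exactly like an absent key. The code then silently uses `iprop_master_ulogsize` and only after that `DEF_ULOGENTRIES`. The commit message and kdc_conf.rst describe the fallback only for the case where the new key is not set, so a stale legacy entry can override a mistyped new one without any diagnostic. If that is intended, a comment would record the precedence: `/* Prefer iprop_ulogsize, then the pre-1.19 iprop_master_ulogsize, then the default; non-positive or unreadable values count as unset. */`. kadm5_get_config_params starts and ends outside this hunk.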
diff --git a/src/lib/krb5/krb/t_krb5.conf b/src/lib/krb5/krb/t_krb5.conf
index a80b4ce..a851fbd 100644
--- a/src/lib/krb5/krb/t_krb5.conf
+++ b/src/lib/krb5/krb/t_krb5.conf
@@ -7,7 +7,7 @@
 		kdc = KERBEROS-2.MIT.EDU:88
 		kdc = KERBEROS.MIT.EDU
 		kdc = KERBEROS-1.MIT.EDU
-		master_kdc = KERBEROS.MIT.EDU
+		primary_kdc = KERBEROS.MIT.EDU
 		admin_server = KERBEROS.MIT.EDU
 		default_domain = MIT.EDU
 		v4_instance_convert = {
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 7036c74..edca5ac 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -246,6 +246,11 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm,
     realm_srv_names[2] = name;
     realm_srv_names[3] = 0;
     code = profile_get_values(context->profile, realm_srv_names, &hostlist);
+    if (code == PROF_NO_RELATION && strcmp(name, KRB5_CONF_PRIMARY_KDC) == 0) {
+        realm_srv_names[2] = KRB5_CONF_MASTER_KDC;
+        code = profile_get_values(context->profile, realm_srv_names,
+                                  &hostlist);
+    }
     if (code) {
         Tprintf("config file lookup failed: %s\n", error_message(code));
         if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
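Review bot: The added retry overwrites `realm_srv_names[2]` with `KRB5_CONF_MASTER_KDC` and has no comment. The `Tprintf` below it then reports a lookup failure without saying which relation was last tried. Suggest adding above the new `if`: `/* Fall back to the pre-1.19 relation name if primary_kdc is not set. */`. Retrying only on `PROF_NO_RELATION` matches the documented behaviour, since a `master_kdc` entry is consulted only when `primary_kdc` is absent from the realm. locate_srv_conf_1 continues outside the hunk, so whether `realm_srv_names` is read again later cannot be confirmed from here.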
@@ -495,8 +500,8 @@ prof_locate_server(krb5_context context, const krb5_data *realm,
     kdc_ports:
         dflport = KRB5_DEFAULT_PORT;
         break;
-    case locate_service_master_kdc:
-        profname = KRB5_CONF_MASTER_KDC;
+    case locate_service_primary_kdc:
+        profname = KRB5_CONF_PRIMARY_KDC;
         goto kdc_ports;
     case locate_service_kadmin:
         profname = KRB5_CONF_ADMIN_SERVER;
@@ -663,7 +668,7 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
         return 0;
 
     switch (svc) {
-    case locate_service_master_kdc:
+    case locate_service_primary_kdc:
         find_primary = TRUE;
         /* Fall through */
     case locate_service_kdc:
@@ -707,7 +712,7 @@ dns_locate_server_srv(krb5_context context, const krb5_data *realm,
     case locate_service_kdc:
         dnsname = "_kerberos";
         break;
-    case locate_service_master_kdc:
+    case locate_service_primary_kdc:
         dnsname = "_kerberos-master";
         break;
     case locate_service_kadmin:
@@ -824,7 +829,7 @@ k5_locate_kdc(krb5_context context, const krb5_data *realm,
 {
     enum locate_service_type stype;
 
-    stype = get_primaries ? locate_service_master_kdc : locate_service_kdc;
+    stype = get_primaries ? locate_service_primary_kdc : locate_service_kdc;
     return k5_locate_server(context, realm, serverlist, stype, no_udp);
 }
 
@@ -838,7 +843,7 @@ k5_kdc_is_primary(krb5_context context, const krb5_data *realm,
     if (server->primary != -1)
         return server->primary;
 
-    if (locate_server(context, realm, &list, locate_service_master_kdc,
+    if (locate_server(context, realm, &list, locate_service_primary_kdc,
                       server->transport) != 0)
         return FALSE;
     found = server_list_contains(&list, server);
diff --git a/src/util/profile/krb5.conf b/src/util/profile/krb5.conf
index 7d38e9e..de4de84 100644
--- a/src/util/profile/krb5.conf
+++ b/src/util/profile/krb5.conf
@@ -10,7 +10,7 @@
 		kdc = kerberos-1.mit.edu
 		kdc = kerberos-2.mit.edu
 		kdc = kerberos-3.mit.edu
-		master_kdc = kerberos.mit.edu
+		primary_kdc = kerberos.mit.edu
 		admin_server = kerberos.mit.edu
 	} 
 	MEDIA-LAB.MIT.EDU = {
diff --git a/src/util/profile/profile.5 b/src/util/profile/profile.5
index 1b0748e..3da6557 100644
--- a/src/util/profile/profile.5
+++ b/src/util/profile/profile.5
@@ -27,7 +27,7 @@ An example profile file might look like this:
 		kdc = kerberos.mit.edu
 		kdc = kerberos-1.mit.edu
 		kdc = kerberos-2.mit.edu
-		master_kdc = kerberos.mit.edu
+		primary_kdc = kerberos.mit.edu
 		admin_server = kerberos.mit.edu
 	}
 	CYGNUS.COM = {
@@ -66,7 +66,7 @@ sections have been marked as final:
 [realms]
 	ATHENA.MIT.EDU = {
 		kdc = kerberos.mit.edu
-		master_kdc = kerberos.mit.edu
+		primary_kdc = kerberos.mit.edu
 		admin_server = kerberos.mit.edu
 	}*
 

