krb5 commit: Add support for k5srvutil -e keysalts
Greg Hudson
ghudson at MIT.EDU
Mon Mar 11 14:35:44 EDT 2013
https://github.com/krb5/krb5/commit/4b7517731a0bf1026ff5a9a6eb1cc16b52f6debb
commit 4b7517731a0bf1026ff5a9a6eb1cc16b52f6debb
Author: Alex Dehnert <adehnert at mit.edu>
Date: Fri Mar 8 23:48:33 2013 -0500
Add support for k5srvutil -e keysalts
k5srvutil is a little more convenient to use for rolling keys than
kadmin is. When migrating off 1DES, though, it may be desirable to
explicitly specify the desired keysalts. This adds an option, -e, to
k5srvutil to specify desired keysalts.
[ghudson at mit.edu: style fix; make whitespace in keysalt list work]
ticket: 7589 (new)
doc/admin/admin_commands/k5srvutil.rst | 5 ++++-
src/kadmin/cli/k5srvutil.sh | 10 ++++++++--
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/doc/admin/admin_commands/k5srvutil.rst b/doc/admin/admin_commands/k5srvutil.rst
index 493c176..0e30a8e 100644
--- a/doc/admin/admin_commands/k5srvutil.rst
+++ b/doc/admin/admin_commands/k5srvutil.rst
@@ -9,6 +9,7 @@ SYNOPSIS
**k5srvutil** *operation*
[**-i**]
[**-f** *filename*]
+[**-e** *keysalts*]
DESCRIPTION
-----------
@@ -31,7 +32,9 @@ a keytab or to add new keys to the keytab.
existing tickets continue to work. If the **-i** flag is given,
k5srvutil will prompt for confirmation before changing each key.
If the **-k** option is given, the old and new keys will be
- displayed.
+ displayed. Ordinarily, keys will be generated with the default
+ encryption types and key salts. This can be overridden with the
+ **-e** option.
**delold**
Deletes keys that are not the most recent version from the keytab.
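Review bot: The sentence added to the **change** description names **-e** but never says what a *keysalts* value looks like or where it goes. The script hands it to kadmin's ktadd as its own -e argument, so the page should say that, state the list format (including that whitespace-separated entries are accepted, per the commit message), and point to the ktadd documentation. Since the stated motivation is migrating off 1DES, one concrete invocation in the docs would help. It is also worth saying explicitly that **-e** only affects **change**, because the SYNOPSIS now lists it next to options that apply to every operation.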
diff --git a/src/kadmin/cli/k5srvutil.sh b/src/kadmin/cli/k5srvutil.sh
index e1284e6..050fa87 100755
--- a/src/kadmin/cli/k5srvutil.sh
+++ b/src/kadmin/cli/k5srvutil.sh
@@ -38,7 +38,7 @@ cmd_error() {
}
usage() {
- echo "Usage: $0 [-i] [-f file] list|change|delete|delold"
+ echo "Usage: $0 [-i] [-f file] [-e keysalts] list|change|delete|delold"
}
@@ -47,7 +47,8 @@ change_key() {
princs=`list_princs `
for princ in $princs; do
if interactive_prompt "Change key " $princ; then
- kadmin -k -t $keytab -p $princ -q "ktadd -k $keytab $princ"
+ kadmin -k -t $keytab -p $princ -q \
+ "ktadd -k $keytab $keysalts $princ"
fi
done
}
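Review bot: `$keysalts` is only consumed here in change_key, so `-e` given with list, delete or delold is accepted and silently ignored. Either warn when `-e` is set and the selected command is not change, or make the limitation explicit in the usage text. Separately, the value is spliced into the string passed to `kadmin -q`, which kadmin tokenizes again; that is why the option parser wraps it in escaped quotes, and it means the contents of the user's argument end up inside a kadmin command line. A short comment at this call explaining the double parsing would save the next reader from "fixing" the quoting.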
@@ -74,6 +75,7 @@ delete_keys() {
keytab=/etc/krb5.keytab
interactive=0
+keysalts=""
while [ $# -gt 0 ] ; do
opt=$1
@@ -86,6 +88,10 @@ while [ $# -gt 0 ] ; do
"-i")
interactive=1
;;
+ "-e")
+ keysalts="$keysalts -e \"$1\""
+ shift
+ ;;
change|delold|delete|list)
set_command $opt
;;