[PATCH] Wallet: recreate keytab on rekey
Ross Smith
rjsm at umich.edu
Mon Apr 1 15:01:22 EDT 2013
This patch implements an option to have keytabs destroyed and
recreated when they are rekeyed. This adds the configuration directive
KEYTAB_REPLACE to the wallet configuration. It uses the existing
functions to destroy and create the keytab.
Our use case for this behavior is based on a requirement we have to
keep the kvno of our deployed keytabs constant.
This patch should apply cleanly to the released 1.0 version of wallet.
Ross Smith <rjsm at umich.edu>
-------------------------------------------------------------------------------------------
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm
index c191bc9..52720e5 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/Wallet/Kadmin/MIT.pm
@@ -187,11 +187,15 @@ sub keytab_rekey {
$self->error ("invalid principal name: $principal");
return;
}
+ if ($Wallet::Config::KEYTAB_REPLACE) {
+ $self->destroy($principal);
+ $self->create($principal);
+ }
if ($Wallet::Config::KEYTAB_REALM) {
$principal .= '@' . $Wallet::Config::KEYTAB_REALM;
}
my $file = $Wallet::Config::KEYTAB_TMP . "/keytab.$$";
unlink $file;
my $command = "ktadd -q -k $file";
if (@enctypes) {
@enctypes = map { /:/ ? $_ : "$_:normal" } @enctypes;
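Review bot: the return values of `$self->destroy($principal)` and `$self->create($principal)` in the new KEYTAB_REPLACE block are ignored, so keytab_rekey carries on to `ktadd` even when one of them fails. The worst case is destroy succeeding and create failing: the principal is gone, the caller gets no error from this block, and the failure only surfaces later (or not at all) from `ktadd`. Suggest checking each call and returning on failure, in the same style as the `invalid principal name` check just above, e.g. `$self->destroy($principal) or return;` followed by `$self->create($principal) or return;` so that the error already set by the failing call propagates. Two smaller points: both calls receive `$principal` before the realm is appended by the `$principal .= '@' . $Wallet::Config::KEYTAB_REALM` line, so confirm that destroy and create qualify the name themselves, otherwise they operate on a different principal than the one `ktadd` is about to rekey; and the diff as shown adds no Wallet::Config entry or POD for KEYTAB_REPLACE, so the directive should be documented there (including that it resets the principal, and therefore its kvno, rather than adding a key) before this is merged.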