kdb5_util update_princ_encryption counts incorrectly
David Shrimpton
d.shrimpton at its.uq.edu.au
Sun Jul 28 00:45:52 EDT 2013
This looks like a bug in MIT kerberos 1.11.2 kdb5_util.
The first principal processed by update_princ_encryption
is reported as both 'updating' and 'skipping' when it should
be just 'updating'.
In the case below all principals 'foobar*'
were encrypted with the old master key so none
should be reported as 'skipping' as none were current.
# kdb5_util update_princ_encryption -v 'foobar*'
Re-encrypt all keys not using master key vno 2?
(type 'yes' to confirm)? yes
Principals whose keys are being re-encrypted to master key vno 2 if necessary:
updating: foobar65 at KRB5.UQ.EDU.AU
skipping: foobar65 at KRB5.UQ.EDU.AU
updating: foobar67 at KRB5.UQ.EDU.AU
updating: foobar68 at KRB5.UQ.EDU.AU
updating: foobar6 at KRB5.UQ.EDU.AU
5 principals processed: 4 updated, 1 already current
--
David Shrimpton
More information about the Kerberos
mailing list