kdb5_util update_princ_encryption counts incorrectly

David Shrimpton d.shrimpton at its.uq.edu.au
Sun Jul 28 00:45:52 EDT 2013


This looks like a bug in MIT Kerberos 1.11.2 kdb5_util.

The first principal processed by update_princ_encryption
is reported as both 'updating' and 'skipping' when it should
be just 'updating'.

In the case below all principals 'foobar*'
were encrypted with the old master key so none
should be reported as 'skipping' as none were current.


# kdb5_util update_princ_encryption  -v 'foobar*'
Re-encrypt all keys not using master key vno 2?
(type 'yes' to confirm)? yes
Principals whose keys are being re-encrypted to master key vno 2 if necessary:
updating: foobar65 at KRB5.UQ.EDU.AU
skipping: foobar65 at KRB5.UQ.EDU.AU
updating: foobar67 at KRB5.UQ.EDU.AU
updating: foobar68 at KRB5.UQ.EDU.AU
updating: foobar6 at KRB5.UQ.EDU.AU
5 principals processed: 4 updated, 1 already current


-- 
David Shrimpton
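
A check an administrator could run over saved `update_princ_encryption -v` output before relying on its summary line, recounting per principal and flagging any reported as both 'updating' and 'skipping'. This is an added example, not part of the original post or of MIT Kerberos; the function name `audit` and the rule that a double-reported principal counts as updated are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the verbose output quoted in the report above.
SAMPLE = """\
Principals whose keys are being re-encrypted to master key vno 2 if necessary:
updating: foobar65 at KRB5.UQ.EDU.AU
skipping: foobar65 at KRB5.UQ.EDU.AU
updating: foobar67 at KRB5.UQ.EDU.AU
updating: foobar68 at KRB5.UQ.EDU.AU
updating: foobar6 at KRB5.UQ.EDU.AU
5 principals processed: 4 updated, 1 already current
"""

LINE_RE = re.compile(r"^(updating|skipping): (.+)$")
SUMMARY_RE = re.compile(
    r"^(\d+) principals? processed: (\d+) updated, (\d+) already current$")


def audit(output):
    """Recount per-principal lines and compare them with the tool's summary."""
    actions = defaultdict(list)  # principal -> actions reported, in order
    reported = None              # (processed, updated, current) from summary
    for line in output.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:
            actions[m.group(2)].append(m.group(1))
            continue
        s = SUMMARY_RE.match(line)
        if s:
            reported = tuple(int(g) for g in s.groups())
    # A principal listed under both actions needs a manual check.
    conflicting = sorted(p for p, a in actions.items() if len(set(a)) > 1)
    # Assumption: any 'updating' line means the principal was re-encrypted.
    updated = sum(1 for a in actions.values() if "updating" in a)
    current = len(actions) - updated
    recounted = (len(actions), updated, current)
    return {"reported": reported, "recounted": recounted,
            "conflicting": conflicting,
            "consistent": reported == recounted and not conflicting}


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```
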

