[krbdev.mit.edu #7502] kldap plugin always writes to krbLastAdminUnlock
nalin@redhat.com via RT
rt-comment at krbdev.mit.edu
Thu Dec 13 18:09:21 EST 2012
On Thu, Dec 13, 2012 at 06:05:20PM -0500, Greg Hudson via RT wrote:
> The problem seems bigger than just this symptom:
Agreed.
> * krb5_ldap_put_principal doesn't check whether KADM5_TL_DATA is set in
> entry->mask. So any tl_data in the principal will be written out in any
> update, whether normalized to type-specific LDAP attributes or marshalled
> into krbExtraData. If you're going to use the patch you provided as a
> downstream workaround, I'd suggest nulling out entry->tl_data temporarily
> instead of just resetting the last-admin-unlock value.
Yes, I think that'll work.
Thanks,
Nalin
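A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not code from MIT krb5 or from either participant. The `model_*` types, the `MODEL_MASK_*` flags and the `put_*` functions are hypothetical stand-ins for the KDB entry, `KADM5_TL_DATA` and `krb5_ldap_put_principal`, and applying the workaround only when the mask lacks the tl_data flag is an assumption.

```c
#include <stddef.h>

/* Hypothetical stand-ins; not the real krb5 definitions. */
#define MODEL_MASK_TL_DATA 0x1u  /* plays the role of KADM5_TL_DATA */
#define MODEL_MASK_ATTRS   0x2u  /* some unrelated field being updated */

struct model_tl { struct model_tl *next; int type; };
struct model_entry { unsigned mask; struct model_tl *tl_data; };

/* Behaviour described in the ticket: every tl_data record is written
 * out, whatever the mask says. Returns the number of records written. */
static int put_unchecked(struct model_entry *e)
{
    int written = 0;
    for (struct model_tl *t = e->tl_data; t != NULL; t = t->next)
        written++;
    return written;
}

/* Mask-respecting variant: tl_data is written only when requested. */
static int put_checked(struct model_entry *e)
{
    if (!(e->mask & MODEL_MASK_TL_DATA))
        return 0;
    return put_unchecked(e);
}

/* Downstream workaround from the thread: null out tl_data around the
 * unchecked call, then restore it so the caller's entry is unchanged. */
static int put_with_workaround(struct model_entry *e)
{
    struct model_tl *saved = e->tl_data;
    if (!(e->mask & MODEL_MASK_TL_DATA))  /* assumption: only when not requested */
        e->tl_data = NULL;
    int written = put_unchecked(e);
    e->tl_data = saved;
    return written;
}

/* Constructed sample entry with two tl_data records; returns the number
 * written, or -1 if the entry's tl_data pointer was not restored. */
static int demo(int (*put)(struct model_entry *), unsigned mask)
{
    struct model_tl second = { NULL, 2 };
    struct model_tl first = { &second, 1 };
    struct model_entry e = { mask, &first };
    int written = put(&e);
    return e.tl_data == &first ? written : -1;
}

int main(void) { return demo(put_with_workaround, MODEL_MASK_ATTRS) == 0 ? 0 : 1; }
```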