[krbdev.mit.edu #6507] kdb5_util update_princ_encryption uses latest mkey instead of active mkey
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Feb 29 00:22:05 EST 2012
Also, if you "kdb5_util purge_mkeys" after those two operations, you get a
bad error message:
    Purging the follwing master key(s) from K/M at KRBTEST.COM:
    KVNO: 1
    kdb5_util: Invalid argument while updating actkvno data for master principal entry
This happens because kdb5_purge_mkeys computes an empty active mkvno and
krb5_db_fetch_mkey_list rejects it with EINVAL.
This is technically a separate bug, but would be difficult to reproduce if
the update_princ_encryption bug is fixed, so I'm noting it here.