[krbdev.mit.edu #7852] kadmin.local's ktadd -norandkey does not handle multiple kvnos in the KDB

Benjamin Kaduk via RT
rt-comment at krbdev.mit.edu
Sat Jan 25 13:24:36 EST 2014

The sequence:

    addprinc -randkey -e des-cbc-md5:normal test
    cpw -randkey -keepold -e aes256-cts-hmac-sha1-96:normal test
    ktadd -norandkey test

will produce a keytab containing both the DES key and the AES key, but both keys are marked as
kvno 2 (whereas the DES key should be kvno 1).

src/kadmin/cli/keytab.c's add_principal() (in the norandkey case) goes and gets the principal
keys, and then separately gets the principal from the DB, and then uses the kvno from the
get_principal output for all keys.

Reported by Peter Grandi (pg at afs.list.sabi.co.UK) on openafs-info at openafs.org.
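
Added example, not part of the original message and not MIT krb5 code: a checker that parses a version 0x0502 keytab and reports entries whose (principal, enctype, kvno) does not correspond to a key in the KDB, which is how the mislabeled DES key from the sequence above shows up. The function names, the realm EXAMPLE.COM, the all-zero key bytes and the KDB set (as an administrator would read it from getprinc) are assumptions constructed for illustration.

```python
import struct

def _cstr(buf, p):
    """Read a 16-bit length-prefixed byte string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    if p + 2 + n > len(buf):
        raise ValueError("truncated keytab entry")
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, enctype, kvno)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,), pos = struct.unpack_from(">i", data, pos), pos + 4
        if size <= 0:  # a negative size marks a deleted entry (hole) to skip
            pos -= size
            continue
        if pos + size > len(data):
            raise ValueError("truncated keytab")
        e, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", e, 0)
        realm, p = _cstr(e, 2)
        comps = []
        for _ in range(ncomp):
            c, p = _cstr(e, p)
            comps.append(c)
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", e, p)
        _key, p = _cstr(e, p + 11)  # key follows the 11 fixed bytes just read
        if len(e) - p >= 4:  # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", e, p)[0] or kvno
        entries.append((b"/".join(comps).decode() + "@" + realm.decode(), enctype, kvno))
    return entries

def kvno_mismatches(keytab, kdb_keys):
    """Keytab entries whose (principal, enctype, kvno) is not a key in the KDB."""
    return [e for e in parse_keytab(keytab) if e not in kdb_keys]

def make_entry(realm, comps, kvno, enctype, key):
    """Serialize one keytab entry; used only to build the constructed sample."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + cs(key)
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)
# Constructed sample: enctype 3 = des-cbc-md5, 18 = aes256-cts-hmac-sha1-96.
SAMPLE = (b"\x05\x02" + make_entry(b"EXAMPLE.COM", [b"test"], 2, 3, bytes(8))
          + make_entry(b"EXAMPLE.COM", [b"test"], 2, 18, bytes(32)))
KDB = {("test@EXAMPLE.COM", 3, 1), ("test@EXAMPLE.COM", 18, 2)}  # assumed KDB keys
```

Calling kvno_mismatches(SAMPLE, KDB) returns only the DES entry, labeled kvno 2 in the keytab while the KDB holds that key at kvno 1.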