kadmind patch (was: kadm5_randkey_principal_3)

Tom Yu tlyu at MIT.EDU
Fri Oct 4 19:22:00 EDT 2002

>>>>> "Sam" == Sam Hartman <hartmans at MIT.EDU> writes:

>>>>> "Ben" == Ben Cox <cox at spinnakernet.com> writes:

Ben> The reason I didn't just change it as you suggest below was
Ben> that the kadm5_randkey_principal function internally calls
Ben> kadm5_randkey_principal_3 with a fixed set of ks_tuples, and
Ben> I didn't want to duplicate that fixed set of ks_tuples,
Ben> because if in the future someone were to change the fixed set
Ben> in kadm5_randkey_principal and forget to change the set in
Ben> randkey_principal_wrapper to match, they'd get the "wrong"
Ben> (old) set of fixed ks_tuples, and that might be a
Ben> head-scratcher indeed. ;)

Sam> Tom, how does this magically work with supportet_enctypes?

kadm5_randkey_principal calls kadm5_randkey_principal_3 with a null
array of keysalt tuples.  If randkey_principal_3 gets this null array,
it fetches the keysalt tuples from the kadm5 handle's parameters,
which would be set from the kdc.conf.  It's not a hardcoded list in
randkey_principal at all, unless there's something I'm missing.


More information about the krbdev mailing list