kadmind patch (was: kadm5_randkey_principal_3)
Tom Yu
tlyu at MIT.EDU
Fri Oct 4 19:22:00 EDT 2002
>>>>> "Sam" == Sam Hartman <hartmans at MIT.EDU> writes:
>>>>> "Ben" == Ben Cox <cox at spinnakernet.com> writes:
Ben> The reason I didn't just change it as you suggest below was
Ben> that the kadm5_randkey_principal function internally calls
Ben> kadm5_randkey_principal_3 with a fixed set of ks_tuples, and
Ben> I didn't want to duplicate that fixed set of ks_tuples,
Ben> because if in the future someone were to change the fixed set
Ben> in kadm5_randkey_principal and forget to change the set in
Ben> randkey_principal_wrapper to match, they'd get the "wrong"
Ben> (old) set of fixed ks_tuples, and that might be a
Ben> head-scratcher indeed. ;)
Sam> Tom, how does this magically work with supportet_enctypes?
kadm5_randkey_principal calls kadm5_randkey_principal_3 with a null
array of keysalt tuples. If randkey_principal_3 gets this null array,
it fetches the keysalt tuples from the kadm5 handle's parameters,
which would be set from the kdc.conf. It's not a hardcoded list in
randkey_principal at all, unless there's something I'm missing.
---Tom
More information about the krbdev
mailing list