key handling in krb5_ldap_put_principal() issue

Will Fiveash William.Fiveash at
Thu Sep 21 16:20:51 EDT 2006

I have a question about this logic in krb5_ldap_put_principal():

    if (entries->mask & KDB_KEY_DATA || entries->mask & KDB_KVNO) {
        int kcount=0, zero=0, salttype=0, totalkeys=0;
        char *currpos=NULL, *krbsecretkey=NULL;

etc...  This code block sets up the tl_data for the keys associated with
a princ record.  What bothers me is the only place I see:

    mask |= KDB_KEY_DATA;

is in kdb_ldap_create_principal() (I don't see where mask is set with
KDB_KVNO).  Why doesn't the key logic in krb5_ldap_put_principal() look
at entries->n_key_data and entries->key_data to determine if key data
needs to be stored in the LDAP directory?

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
