krb db update

Donnie Emeson Donnie at Colorado.EDU
Wed Oct 24 18:02:13 EDT 2007


I've been following several strings in both the krb users and dev lists
regarding kdb update, specifically using the --with-kdc-kdb-update
configuration flag.

It looks like john at is working on it and I look forward to
being able to use it again. We've come to rely on this functionality.
In a Sept '07 krbdev thread, "krb-1.6.3beta1 compile error", he wrote:

   It also compiles with the option configured AND
   with the addition of this ifdef I put into
   kdc/do_as_req.c for testing:
           if (update_client) {
               krb5_db_put_principal(kdc_context, &client, &c_nprincs);
               /* ptooey.  We want krb5_db_sync() or something like that. */
   #if 0
               if (kdc_active_realm->realm_dbname)
               /* Reset master key */
               krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);
   It looks to me like the new DAL layer also did not include
   a sync operation.  I expect there are two possible ways to go
     1) add sync to DAL and call it here, or
     2) just define a put as always syncing the DB
   For myself, I will likely just be lazy and imagine that you
   chose option 2 and add a (*db->sync)(db, 0) call down in
   the krb5_db2_db_put_principal() routine.

I added the #if 0...#endif and compiled. However, I skipped both options 1
& 2. Everything still seems to work, and kadmin is also showing changes
in the "Last successful authentication", "Last failed authentication"
and "Failed password attempts" fields. But I'm worried I've introduced
problems by simply stripping out those few lines. Have I?
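
One way to check the behaviour discussed in this message, as an added example that is not part of the original post or of the krb5 source: the script compares kadmin `getprinc` output saved before and after one deliberate failed login and reports whether the three fields named above changed as expected. The sample output is constructed, and the expected field changes are an assumption stated in the code.

```python
# Added example: compare two kadmin `getprinc` snapshots around one failed login.
TRACKED = ("Last successful authentication",
           "Last failed authentication",
           "Failed password attempts")

def parse_getprinc(text):
    """Extract the tracked fields from kadmin getprinc output."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() in TRACKED:
            fields[name.strip()] = value.strip()
    return fields

def check_failed_login(before, after):
    """Return a list of problems; an empty list means the update reached the DB.

    Assumption: one failed login should raise the counter by exactly one,
    move the last-failed time, and leave the last-success time alone.
    """
    b, a = parse_getprinc(before), parse_getprinc(after)
    problems = [f"missing field: {f}" for f in TRACKED if f not in b or f not in a]
    if problems:
        return problems
    if int(a[TRACKED[2]]) != int(b[TRACKED[2]]) + 1:
        problems.append("failed-attempt counter did not increase by one")
    if a[TRACKED[1]] == b[TRACKED[1]]:
        problems.append("last-failed time did not change")
    if a[TRACKED[0]] != b[TRACKED[0]]:
        problems.append("last-success time changed unexpectedly")
    return problems

# Constructed sample output (not captured from a real KDC).
BEFORE = """Principal: testuser@EXAMPLE.COM
Last successful authentication: Wed Oct 24 17:40:02 EDT 2007
Last failed authentication: [never]
Failed password attempts: 0
"""
AFTER_OK = (BEFORE.replace("[never]", "Wed Oct 24 17:55:10 EDT 2007")
                  .replace("attempts: 0", "attempts: 1"))

if __name__ == "__main__":
    print(check_failed_login(BEFORE, AFTER_OK))  # snapshot pair with the update applied
    print(check_failed_login(BEFORE, BEFORE))    # snapshot pair where nothing was written
```

Taking the second snapshot again after restarting the KDC shows whether the values survive a restart.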

