From 5b70a0cac61c0ff1c1cee3269c35b29523ea6aaa Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 24 Aug 2020 16:16:59 -0500
Subject: [PATCH] kadm5: Allow princ creation with keys

---
 lib/kadm5/create_s.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c
index 82d4a925f..7d32d7adb 100644
--- a/lib/kadm5/create_s.c
+++ b/lib/kadm5/create_s.c
@@ -265,13 +265,22 @@ kadm5_s_create_principal(void *server_handle,
     if (ret)
 	return ret;
 
-    ret = create_principal(context, princ, mask, &ent,
-			   KADM5_PRINCIPAL,
-			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
-			   | KADM5_MOD_NAME | KADM5_MKVNO
-			   | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA
-			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS
-			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
+    if (use_pw)
+        ret = create_principal(context, princ, mask, &ent,
+                               KADM5_PRINCIPAL,
+                               KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
+                               | KADM5_MOD_NAME | KADM5_MKVNO
+                               | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA
+                               | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS
+                               | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
+    else
+        ret = create_principal(context, princ, mask, &ent,
+                               KADM5_PRINCIPAL | KADM5_KEY_DATA,
+                               KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
+                               | KADM5_MOD_NAME | KADM5_MKVNO
+                               | KADM5_AUX_ATTRIBUTES
+                               | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS
+                               | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
     if (ret)
         return ret;