kadmin: Add disallow-client attribute

This is useful for services that need not be clients. For example, an untrusted service that need only accept authentication from clients, but not initiate authentication to other services.
2021-06-22 12:59:01 -05:00
parent f6ac4ee864
commit ae8908bf81
6 changed files with 37 additions and 11 deletions
--- a/kadmin/util.c
+++ b/kadmin/util.c
@@ -54,6 +54,7 @@ struct units kdb_attrs[] = {
    { "new-princ",		KRB5_KDB_NEW_PRINC },
    { "support-desmd5",		KRB5_KDB_SUPPORT_DESMD5 },
    { "pwchange-service",	KRB5_KDB_PWCHANGE_SERVICE },
+    { "disallow-client",	KRB5_KDB_DISALLOW_CLIENT },
    { "disallow-svr",		KRB5_KDB_DISALLOW_SVR },
    { "requires-pw-change",	KRB5_KDB_REQUIRES_PWCHANGE },
    { "requires-hw-auth",	KRB5_KDB_REQUIRES_HW_AUTH },