Add HDB extension for storing policy regarding what historic keys may be used for

kadmin/get.c

@@ -64,6 +64,8 @@ static struct field_name {
     { "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
     { "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
     { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
+    { "hist-kvno-diff-clnt", KADM5_TL_DATA, KRB5_TL_HIST_KVNO_DIFF_CLNT, 0, "Clnt hist keys", "Historic keys allowed for client", 0 },
+    { "hist-kvno-diff-svc", KADM5_TL_DATA, KRB5_TL_HIST_KVNO_DIFF_SVC, 0, "Svc hist keys", "Historic keys allowed for service", 0 },
     { NULL }
 };
 

kadmin/kadmin-commands.in

@@ -174,6 +174,18 @@ command = {
 		argument = "time"
 		help = "password expiration time"
 	}
+	option = {
+		long = "hist-kvno-diff-clnt"
+		type = "string"
+		argument = "kvno diff"
+		help = "historic keys allowed for client"
+	}
+	option = {
+		long = "hist-kvno-diff-svc"
+		type = "string"
+		argument = "kvno diff"
+		help = "historic keys allowed for service"
+	}
 	option = {
 		long = "use-defaults"
 		type = "flag"
@@ -365,6 +377,18 @@ command = {
 		argument = "policy"
 		help = "policy name"
 	}
+	option = {
+		long = "hist-kvno-diff-clnt"
+		type = "string"
+		argument = "kvno diff"
+		help = "historic keys allowed for client"
+	}
+	option = {
+		long = "hist-kvno-diff-svc"
+		type = "string"
+		argument = "kvno diff"
+		help = "historic keys allowed for service"
+	}
 	argument = "principal"
 	min_args = "1"
 	max_args = "1"