oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add new kadmin/ktutil --keep* and --enctypes opts

Browse Source 
- Add --keepold/keepallold/pruneall options to various kadmin/ktutil
   commands.  Default behavior to "prune old keys".

 - When setting keys for a service, we need to specify enctypes for it:

    - Always use kadm5_randkey_principal_3() instead of the older
      kadm5_randkey_principal().

    - Add krb5_string_to_keysalts2(), like MIT's krb5_string_to_keysalts(),
      but with a context, and simpler.

    - Add --enctypes options to various kadmin/ktutil commands.

    - Add [libdefaults] supported_enctypes param with enctype[:salttype]
      list.

    - Add [realms] realm supported_enctypes param with enctype[:salttype]
      list.

      Default to aes128-cts-hmac-sha1-96:normal.
This commit is contained in:
Nicolas Williams
2019-01-01 17:25:06 -06:00
committed by Nico Williams
parent 7b76d6719f
commit d8394c65b7
18 changed files with 574 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
admin/ktutil-commands.in
View File

@@ -54,7 +54,7 @@ command = {
short = "e"
type = "string"
argument = "enctype"
help = "encryption type"
help = "encryption type(s)"
}
option = {
long = "password"
@@ -75,6 +75,21 @@ command = {
type = "flag"
help = "generate random key"
}
option = {
long = "keepold"
type = "flag"
help = "keep old keys/password needed to decrypt extant tickets (default)"
}
option = {
long = "keepallold"
type = "flag"
help = "keep all old keys/password"
}
option = {
long = "pruneall"
type = "flag"
help = "delete all old keys"
}
option = {
long = "hex"
short = "H"
@@ -94,6 +109,28 @@ command = {
argument = "realm"
help = "realm to use"
}
option = {
long = "enctype"
short = "e"
type = "string"
argument = "enctype"
help = "encryption type(s)"
}
option = {
long = "keepold"
type = "flag"
help = "keep old keys/password needed to decrypt extant tickets (default)"
}
option = {
long = "keepallold"
type = "flag"
help = "keep all old keys/password"
}
option = {
long = "pruneall"
type = "flag"
help = "delete all old keys"
}
option = {
long = "admin-server"
short = "a"
@@ -136,6 +173,21 @@ command = {
help = "encryption types to use"
argument = "enctype"
}
option = {
long = "keepold"
type = "flag"
help = "keep old keys/password needed to decrypt extant tickets (default)"
}
option = {
long = "keepallold"
type = "flag"
help = "keep all old keys/password"
}
option = {
long = "pruneall"
type = "flag"
help = "delete all old keys"
}
option = {
long = "realm"
short = "r"