oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add new kadmin/ktutil --keep* and --enctypes opts

Browse Source 
- Add --keepold/keepallold/pruneall options to various kadmin/ktutil
   commands.  Default behavior to "prune old keys".

 - When setting keys for a service, we need to specify enctypes for it:

    - Always use kadm5_randkey_principal_3() instead of the older
      kadm5_randkey_principal().

    - Add krb5_string_to_keysalts2(), like MIT's krb5_string_to_keysalts(),
      but with a context, and simpler.

    - Add --enctypes options to various kadmin/ktutil commands.

    - Add [libdefaults] supported_enctypes param with enctype[:salttype]
      list.

    - Add [realms] realm supported_enctypes param with enctype[:salttype]
      list.

      Default to aes128-cts-hmac-sha1-96:normal.
This commit is contained in:
Nicolas Williams
2019-01-01 17:25:06 -06:00
committed by Nico Williams
parent 7b76d6719f
commit d8394c65b7
18 changed files with 574 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
kadmin/kadmin-commands.in
View File

@@ -139,6 +139,12 @@ command = {
type = "flag"
help = "set random password"
}
option = {
long = "enctypes"
short = "e"
type = "string"
help = "encryption type(s)"
}
option = {
long = "password"
short = "p"
@@ -225,6 +231,12 @@ command = {
type = "flag"
help = "set random password"
}
option = {
long = "enctypes"
short = "e"
type = "string"
help = "encryption type(s)"
}
option = {
long = "password"
short = "p"
@@ -239,7 +251,17 @@ command = {
option = {
long = "keepold"
type = "flag"
help = "keep old keys/password"
help = "keep old keys/password needed to decrypt extant tickets (default)"
}
option = {
long = "keepallold"
type = "flag"
help = "keep all old keys/password"
}
option = {
long = "pruneall"
type = "flag"
help = "delete all old keys"
}
argument = "principal..."
min_args = "1"
@@ -286,6 +308,27 @@ command = {
type = "flag"
help = "set random key"
}
option = {
long = "enctypes"
short = "e"
type = "string"
help = "encryption type(s)"
}
option = {
long = "keepold"
type = "flag"
help = "keep old keys/password needed to decrypt extant tickets (default)"
}
option = {
long = "keepallold"
type = "flag"
help = "keep all old keys/password"
}
option = {
long = "pruneall"
type = "flag"
help = "delete all old keys"
}
argument = "principal..."
min_args = "1"
help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
@@ -294,7 +337,7 @@ command = {
name = "get"
name = "get_entry"
function = "get_entry"
/* XXX sync options with "list" */
/* Options added to list should be added here; not the reverse */
option = {
long = "long"
short = "l"