oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add new kadmin/ktutil --keep* and --enctypes opts

Browse Source 
- Add --keepold/keepallold/pruneall options to various kadmin/ktutil
   commands.  Default behavior to "prune old keys".

 - When setting keys for a service, we need to specify enctypes for it:

    - Always use kadm5_randkey_principal_3() instead of the older
      kadm5_randkey_principal().

    - Add krb5_string_to_keysalts2(), like MIT's krb5_string_to_keysalts(),
      but with a context, and simpler.

    - Add --enctypes options to various kadmin/ktutil commands.

    - Add [libdefaults] supported_enctypes param with enctype[:salttype]
      list.

    - Add [realms] realm supported_enctypes param with enctype[:salttype]
      list.

      Default to aes128-cts-hmac-sha1-96:normal.
This commit is contained in:
Nicolas Williams
2019-01-01 17:25:06 -06:00
committed by Nico Williams
parent 7b76d6719f
commit d8394c65b7
18 changed files with 574 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tests/kdc/check-kadmin.in
View File

@@ -87,9 +87,12 @@ ${kadmin} -l add -p "$foopassword" --use-defaults fez@${R} || exit 1
${kadmin} -l add -p "$foopassword" --use-defaults hasalias@${R} || exit 1
${kadmin} -l add -p "$foopassword" --use-defaults pkinit@${R} || exit 1
${kadmin} -l modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" pkinit@${R} || exit 1
${kadmin} -l add -p foo --use-defaults prune@${R} || exit 1
${kadmin} -l add -p "$foopassword" --use-defaults prune@${R} || exit 1
${kadmin} -l cpw --keepold --random-key prune@${R} || exit 1
${kadmin} -l cpw --keepold --random-key prune@${R} || exit 1
${kadmin} -l add -p "$foopassword" --use-defaults pruneall@${R} || exit 1
${kadmin} -l cpw --pruneall --random-key pruneall@${R} || exit 1
${kadmin} -l cpw --pruneall --random-key pruneall@${R} || exit 1
echo "$foopassword" > ${objdir}/foopassword
@@ -382,6 +385,23 @@ cat kadmin.tmp | ${EGREP} Keytypes: | cut -d: -f2 | tr ' ' '
' | ${EGREP} '^13$' > /dev/null || \
{ echo "kadmin prune failed $?"; cat messages.log ; exit 1; }
#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1
echo "kadmin pruneall"
env KRB5CCNAME=${cache} \
${kadmin} get pruneall@${R} \
> kadmin.tmp 2>&1 || \
{ echo "kadmin failed $?"; cat messages.log ; exit 1; }
wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
cat kadmin.tmp | ${EGREP} Keytypes: | cut -d: -f2 | tr ' ' '
' | sed 's/^.*[[]\(.*\)[]].*$/\1/' | grep '[0-9]' | sort -nu | tr -d '
' | ${EGREP} '^3$' > /dev/null || \
{ echo "kadmin pruneall failed $?"; cat messages.log ; exit 1; }
#----------------------------------
echo "killing kdc (${kdcpid} ${kadmpid})"