9 Commits

Author SHA1 Message Date
Nicolas Williams
fbb3bd3f8b krb5: Constify principal arg to some functions 2020-09-07 22:04:59 -05:00
Nicolas Williams
d8394c65b7 Add new kadmin/ktutil --keep* and --enctypes opts
- Add --keepold/keepallold/pruneall options to various kadmin/ktutil
   commands.  Default behavior to "prune old keys".

 - When setting keys for a service, we need to specify enctypes for it:

    - Always use kadm5_randkey_principal_3() instead of the older
      kadm5_randkey_principal().

    - Add krb5_string_to_keysalts2(), like MIT's krb5_string_to_keysalts(),
      but with a context, and simpler.

    - Add --enctypes options to various kadmin/ktutil commands.

    - Add [libdefaults] supported_enctypes param with enctype[:salttype]
      list.

    - Add [realms] realm supported_enctypes param with enctype[:salttype]
      list.

      Default to aes128-cts-hmac-sha1-96:normal.
2019-01-02 17:29:08 -06:00
Nicolas Williams
f38089257b Misc fixes (coverity) 2016-11-20 17:43:51 -06:00
Roland C. Dowdeswell
f0f07ff408 Use krb5_enomem() more consistently in lib/krb5. 2013-02-13 16:15:00 +08:00
Love Hornquist Astrand
b1909b2daa Fixes from NetBSD via Thomas Klausner and Roland C. Dowdeswell 2011-05-04 21:31:10 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
1bb482e168 prefix internal structures with _krb5_ 2011-03-12 13:50:39 -08:00
Love Hornquist Astrand
03806492d9 prefix symbols that are _krb5_ structures 2011-03-12 13:45:09 -08:00
Simon Wilkinson
1d9072f026 krb5: reorganise crypto.c
lib/krb5/crypto.c was a large, monolithic block of code which made
it very difficult to selectively enable and disable particular
alogrithms.

Reorganise crypto.c into individual files for each encryption and
salt time, and place the structures which tie everything together
into their own file (crypto-algs.c)

Add a non-installed library (librfc3961) and test program
(test_rfc3961) which builds a minimal rfc3961 crypto library, and
checks that it is usable.
2010-11-03 11:12:24 +00:00