cd2e423d10
We derive keysets for virtual host-based service principals, and that includes the `set_time` field of keys. But applications using the kadm5 API lose that information. Our httpkadmind wants to set a Cache-Control header with an appropriate max-age so that clients know when to re-fetch keytabs. We could extract some of the lib/hdb/common.c functions so that httpkadmind could re-create an HDB_entry from a kadm5 entry then compute the desired time, but ultimately we already have an appropriate field in the HDB_entry and kadm5_principal_ent_rec types: "password expiration". So let's set the `pw_end` of a virtual host-based service's HDB entry to the time when a client should next fetch the principal's keys, and we'll use that in httpkadmind as the `pw_expiration` field of the kadm5 entry type.
62 KiB
62 KiB