cd2e423d10
We derive keysets for virtual host-based service principals, and that includes the `set_time` field of keys. But applications using the kadm5 API lose that information. Our httpkadmind wants to set a Cache-Control header with an appropriate max-age so that clients know when to re-fetch keytabs. We could extract some of the lib/hdb/common.c functions so that httpkadmind could re-create an HDB_entry from a kadm5 entry then compute the desired time, but ultimately we already have an appropriate field in the HDB_entry and kadm5_principal_ent_rec types: "password expiration". So let's set the `pw_end` of a virtual host-based service's HDB entry to the time when a client should next fetch the principal's keys, and we'll use that in httpkadmind as the `pw_expiration` field of the kadm5 entry type.
Heimdal
Heimdal is an implementation of:
- ASN.1/DER,
- PKIX, and
- Kerberos.
For information how to install see here.
There are man pages for most of the commands.
Bug reports and bugs are appreciated. Use GitHub issues.
For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:
heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion
send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.
Build Status