diff options
| author | Russ Allbery <rra@stanford.edu> | 2007-10-09 19:05:45 +0000 | 
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2007-10-09 19:05:45 +0000 | 
| commit | 16c2fc19f3955afa1e6579e450594253a7e0a69a (patch) | |
| tree | 828fc4bef99e463312467badd6b1e5c1d93ca462 | |
| parent | 62b8ed8126729623199e47af565a6f69083ecee6 (diff) | |
Add user documentation for the enctypes attribute on keytabs.  Mention
that the enctype must be in the database in the keytab object API
documentation.
The README and NEWS files are now done.
| -rw-r--r-- | TODO | 6 | ||||
| -rw-r--r-- | client/wallet.pod | 12 | ||||
| -rw-r--r-- | perl/Wallet/Object/Keytab.pm | 8 | ||||
| -rwxr-xr-x | server/wallet-backend | 12 | 
4 files changed, 29 insertions, 9 deletions
| @@ -2,17 +2,11 @@  Minimum required to replace leland_srvtab: -* Add support for limiting the enctypes of created keytabs by setting the -  enctype attribute on the object and include the enctypes in the object -  show display. -  * Add support to the test suite for specifying a different database than    SQLite for testing.  For MySQL and other database types that we can't    just delete, also requires adding a method to Wallet::Schema to drop all    of our tables and indices in reverse order of creation. -* Add README and NEWS files and update web page. -  * Write the remctl configuration and finish Debian packaging of the    wallet client and server. diff --git a/client/wallet.pod b/client/wallet.pod index 6d325e9..28b472d 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -287,6 +287,18 @@ Keytab objects support the following attributes:  =over 4 +=item enctypes + +Restricts the generated keytab to a specific set of encryption types.  The +values of this attribute must be enctype strings recognized by Kerberos +(strings like C<aes256-cts> or C<des-cbc-crc>).  Note that the salt should +not be included; since the salt is irrelevant for keytab keys, it will +always be set to C<normal> by the wallet. + +If this attribute is set, the specified enctype list will be passed to ktadd +when get() is called for that keytab.  If it is not set, the default set in +the KDC will be used. +  =item sync  Sets the external systems to which the key of a given principal is diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm index 34eb171..efe5a34 100644 --- a/perl/Wallet/Object/Keytab.pm +++ b/perl/Wallet/Object/Keytab.pm @@ -748,9 +748,11 @@ supported:  Restricts the generated keytab to a specific set of encryption types.  The  values of this attribute must be enctype strings recognized by Kerberos -(strings like C<aes256-cts> or C<des-cbc-crc>).  Note that the salt should -not be included; since the salt is irrelevant for keytab keys, it will -always be set to C<normal> by the wallet. +(strings like C<aes256-cts> or C<des-cbc-crc>).  Encryption types must also +be present in the list of supported enctypes stored in the database database +or the attr() method will reject them.  Note that the salt should not be +included; since the salt is irrelevant for keytab keys, it will always be +set to C<normal> by the wallet.  If this attribute is set, the specified enctype list will be passed to  ktadd when get() is called for that keytab.  If it is not set, the default diff --git a/server/wallet-backend b/server/wallet-backend index 0daf08d..9c6632e 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -394,6 +394,18 @@ Keytab objects support the following attributes:  =over 4 +=item enctypes + +Restricts the generated keytab to a specific set of encryption types.  The +values of this attribute must be enctype strings recognized by Kerberos +(strings like C<aes256-cts> or C<des-cbc-crc>).  Note that the salt should +not be included; since the salt is irrelevant for keytab keys, it will +always be set to C<normal> by the wallet. + +If this attribute is set, the specified enctype list will be passed to ktadd +when get() is called for that keytab.  If it is not set, the default set in +the KDC will be used. +  =item sync  Sets the external systems to which the key of a given principal is | 
