author | Russ Allbery <eagle@eyrie.org> | 2014-01-06 21:09:00 -0800 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2014-01-06 21:13:33 -0800 |
commit | 782e71d568957e05233f63fa8dca7cc53ba1afa1 (patch) | |
tree | d8372803edd356cf7b18d5a9020215215b1b4b2b /NEWS | |
parent | 0cc453bcfb8fc4b5cf7378fa8d6496f7d6f6efc3 (diff) |
Fix wallet-rekey on keytabs containing multiple principals
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Change-Id: I5f863239ce4ebba66b35ff09454f2897367bd359
Reviewed-on: https://gerrit.stanford.edu/1369
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -2,6 +2,14 @@ wallet 1.1 (unreleased) + Fix wallet-rekey on keytabs containing multiple principals. Previous + versions assumed one could concatenate keytab files together to make a + valid keytab file, which doesn't work with some Kerberos libraries. + This caused new keys downloaded for principals after the first to be + discarded. As a side effect of this fix, wallet-rekey always appends + new keys directly to the existing keytab file, and never creates a + backup copy of that file. + Fix the code to set enctype restrictions for keytab objects in the wallet server. |
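Review bot: The final sentence of the new entry records a behavior change, that wallet-rekey "never creates a backup copy of that file", as a side effect inside a bug-fix item, where an administrator skimming NEWS for fixes can easily miss it. Because new keys are now always appended directly to the existing keytab, anyone who relied on a backup copy for rollback no longer has one. Consider giving this its own NEWS item, or adding a sentence telling users to copy the keytab themselves before running wallet-rekey if they want one. It would also help to say which behavior "some Kerberos libraries" refers to, so readers can tell whether their earlier rekeys were affected by the discarded keys described here.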