Fix wallet-rekey on keytabs containing multiple principals

Fix wallet-rekey on keytabs containing multiple principals. Previous versions assumed one could concatenate keytab files together to make a valid keytab file, which doesn't work with some Kerberos libraries. This caused new keys downloaded for principals after the first to be discarded. As a side effect of this fix, wallet-rekey always appends new keys directly to the existing keytab file, and never creates a backup copy of that file. Change-Id: I5f863239ce4ebba66b35ff09454f2897367bd359 Reviewed-on: https://gerrit.stanford.edu/1369 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
author: Russ Allbery <eagle@eyrie.org> 2014-01-06 21:09:00 -0800
committer: Russ Allbery <eagle@eyrie.org> 2014-01-06 21:15:12 -0800
commit: 826e2b129a1f3c450b2c8452b7fc6497b96316d5 (patch)
tree: 3b2007f8acf2473e5429d3d6bb5a763f56de9615 /NEWS
parent: e401cc8d28d3eec197ec4c855b4007d6a7ee39d4 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 460d475..a9305d7 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,14 @@
 
 wallet 1.1 (unreleased)
 
+    Fix wallet-rekey on keytabs containing multiple principals.  Previous
+    versions assumed one could concatenate keytab files together to make a
+    valid keytab file, which doesn't work with some Kerberos libraries.
+    This caused new keys downloaded for principals after the first to be
+    discarded.  As a side effect of this fix, wallet-rekey always appends
+    new keys directly to the existing keytab file, and never creates a
+    backup copy of that file.
+
     Fix the code to set enctype restrictions for keytab objects in the
     wallet server.
author	Russ Allbery <eagle@eyrie.org>	2014-01-06 21:09:00 -0800
committer	Russ Allbery <eagle@eyrie.org>	2014-01-06 21:15:12 -0800
commit	826e2b129a1f3c450b2c8452b7fc6497b96316d5 (patch)
tree	3b2007f8acf2473e5429d3d6bb5a763f56de9615 /NEWS
parent	e401cc8d28d3eec197ec4c855b4007d6a7ee39d4 (diff)