diff options
| author | Russ Allbery <rra@stanford.edu> | 2010-02-09 13:37:58 -0800 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2010-02-09 13:37:58 -0800 |
| commit | 2d33440272200cad20a5a4c58e5d8aa0dfad9a1f (patch) | |
| tree | ee0b7718544e6ae054c52b273f5a51a085b228bb /client/keytab.c | |
| parent | 03889c8b1b3145e5e79a7f05763a55c788ef8672 (diff) | |
Remove kaserver synchronization support from the wallet client
The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S. Instead, it just extracts the DES key
from the keytab and writes it to a srvtab. It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab. This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.
Diffstat (limited to 'client/keytab.c')
| -rw-r--r-- | client/keytab.c | 38 |
1 files changed, 1 insertions, 37 deletions
diff --git a/client/keytab.c b/client/keytab.c index bdd0134..393ce3c 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -2,7 +2,7 @@ * Implementation of keytab handling for the wallet client. * * Written by Russ Allbery <rra@stanford.edu> - * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ @@ -64,39 +64,6 @@ merge_keytab(krb5_context ctx, const char *newfile, const char *file) /* - * Configure a given keytab to be synchronized with an AFS kaserver if it - * isn't already. Returns true on success, false on failure. - */ -static int -set_sync(struct remctl *r, const char *type, const char *name) -{ - const char *command[7]; - char *data = NULL; - size_t length = 0; - int status; - - command[0] = type; - command[1] = "getattr"; - command[2] = "keytab"; - command[3] = name; - command[4] = "sync"; - command[5] = NULL; - status = run_command(r, command, &data, &length); - if (status != 0) - return 0; - if (data == NULL || strstr(data, "kaserver\n") == NULL) { - command[1] = "setattr"; - command[5] = "kaserver"; - command[6] = NULL; - status = run_command(r, command, NULL, NULL); - if (status != 0) - return 0; - } - return 1; -} - - -/* * Given a remctl object, the Kerberos context, the name of a keytab object, * and a file name, call the correct wallet commands to download a keytab and * write it to that file. Returns the setatus or 255 on an internal error. @@ -111,9 +78,6 @@ get_keytab(struct remctl *r, krb5_context ctx, const char *type, size_t length = 0; int status; - if (srvtab != NULL) - if (!set_sync(r, type, name)) - return 255; command[0] = type; command[1] = "get"; command[2] = "keytab"; |