Remove kaserver synchronization support from the wallet client

The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S.  Instead, it just extracts the DES key
from the keytab and writes it to a srvtab.  It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab.  This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.

1 files changed, 2 insertions, 6 deletions

diff --git a/client/srvtab.c b/client/srvtab.c
index a01026e..5b52955 100644
--- a/client/srvtab.c
+++ b/client/srvtab.c
@@ -2,7 +2,7 @@
  * Implementation of srvtab handling for the wallet client.
  *
  * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
  *
  * See LICENSE for licensing terms.
  */
@@ -28,10 +28,6 @@
  * keytab and write it to the newly created srvtab file as a srvtab.  Convert
  * the principal from Kerberos v5 form to Kerberos v4 form.
  *
- * We always force the kvno to 0 for the srvtab.  This works with how the
- * wallet synchronizes keys with kasetkey, even though it's not particularly
- * correct.
- *
  * On any failure, print an error message to standard error and then exit.
  */
 void
@@ -84,7 +80,7 @@ write_srvtab(krb5_context ctx, const char *srvtab, const char *principal,
     strcpy(data + length, realm);
     length += strlen(realm);
     data[length++] = '\0';
-    data[length++] = '\0';
+    data[length++] = (unsigned char) entry.vno;
 #ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
     memcpy(data + length, entry.keyblock.keyvalue.data, 8);
 #else