diff options
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | client/wallet.pod | 5 | ||||
| -rw-r--r-- | perl/Wallet/Object/Keytab.pm | 5 | ||||
| -rwxr-xr-x | server/wallet-backend | 5 |
4 files changed, 20 insertions, 0 deletions
@@ -1,5 +1,10 @@ User-Visible wallet Changes +wallet 0.3 (unreleased) + + The keytab backend now supports limiting generated keytabs to + particular enctypes by setting an attribute on the object. + wallet 0.2 (2007-10-08) First public alpha release. Only tested with SQLite 3, no history diff --git a/client/wallet.pod b/client/wallet.pod index 28b472d..7d70a9d 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -299,6 +299,11 @@ If this attribute is set, the specified enctype list will be passed to ktadd when get() is called for that keytab. If it is not set, the default set in the KDC will be used. +This attribute is ignored if the C<unchanging> flag is set on a keytab. +Keytabs retrieved with C<unchanging> set will contain all keys present in +the KDC for that Kerberos principal and therefore may contain different +enctypes than those requested by this attribute. + =item sync Sets the external systems to which the key of a given principal is diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm index efe5a34..673fee2 100644 --- a/perl/Wallet/Object/Keytab.pm +++ b/perl/Wallet/Object/Keytab.pm @@ -758,6 +758,11 @@ If this attribute is set, the specified enctype list will be passed to ktadd when get() is called for that keytab. If it is not set, the default set in the KDC will be used. +This attribute is ignored if the C<unchanging> flag is set on a keytab. +Keytabs retrieved with C<unchanging> set will contain all keys present in +the KDC for that Kerberos principal and therefore may contain different +enctypes than those requested by this attribute. + =item sync Sets the external systems to which the key of a given principal is diff --git a/server/wallet-backend b/server/wallet-backend index 9c6632e..4a5a868 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -406,6 +406,11 @@ If this attribute is set, the specified enctype list will be passed to ktadd when get() is called for that keytab. If it is not set, the default set in the KDC will be used. +This attribute is ignored if the C<unchanging> flag is set on a keytab. +Keytabs retrieved with C<unchanging> set will contain all keys present in +the KDC for that Kerberos principal and therefore may contain different +enctypes than those requested by this attribute. + =item sync Sets the external systems to which the key of a given principal is |