From dacc1c6b8e8d4bdd1daffb84efd58f16e45e3cba Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Thu, 29 Jul 2010 19:25:17 -0700
Subject: Abort rekeying if we fail on the first principal

If we get a failure to rekey a principal before we've succeeded with
any principal, abort rather than continuing.
---
 client/keytab.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'client')

diff --git a/client/keytab.c b/client/keytab.c
index e00c2dd..16a94f3 100644
--- a/client/keytab.c
+++ b/client/keytab.c
@@ -227,6 +227,8 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
         status = download_keytab(r, type, current->princ, &data, &length);
         if (status != 0) {
             warn("error rekeying for principal %s", current->princ);
+            if (!rekeyed)
+                die("aborting, keytab unchanged");
             error = true;
         } else if (data != NULL) {
             if (access(tempfile, F_OK) == 0)
-- 
cgit v1.2.3