From 009de8debb0cbda0b74903d07b935e830fe2b0a1 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 9 Oct 2007 01:42:46 +0000 Subject: Initial implementation of enctype restriction with a basic test suite. Still needs a more comprehensive test suite. Remove all attributes for a keytab object when it is destroyed so that when the object is recreated, it doesn't inherit attributes from its previous self. Add a test case for that for the sync attribute. --- docs/design-api | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/design-api b/docs/design-api index 8c5c1d5..cb4bfa6 100644 --- a/docs/design-api +++ b/docs/design-api @@ -76,10 +76,12 @@ Object API Destroys the given object. Backend implementations should override this method if they need to destroy the object in an external system - and then call the parent method to do the database cleanup. For - example, the keytab backend overrides this method to destroy the - principal in the Kerberos KDC. Be careful not to require that the - object exist in a remote system for destroy() to work, since an + or if they have any object-specific attributes to remove. Overriding + methods should then call the parent method to do the database cleanup. + For example, the keytab backend overrides this method to destroy the + principal in the Kerberos KDC and remove the enctypes and sync + attribute data from auxiliary tables. Be careful not to require that + the object exist in a remote system for destroy() to work, since an administrator will want to destroy an orphaned wallet database entry after something happened to the remote system entry. -- cgit v1.2.3