From 4ad367b4269811dd0b9abfa9c0e69a1a7490e4e9 Mon Sep 17 00:00:00 2001
From: Jon Robertson
Date: Tue, 5 Jan 2010 14:42:29 -0800
Subject: Added randKeyPrincipal to the keytab creation process

randKeyPrincipal was added to the keytab file creation process, in order to reset a principal to first have all possible enctypes. There is no way for us to specify that we only want a specific number of fresh enctypes, so we must reset to have all enctypes first, and then pare down from there each time we create the keytab.
---
 perl/Wallet/Kadmin/Heimdal.pm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'perl/Wallet/Kadmin')
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index a9c83a2..e4d175b 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -136,7 +136,14 @@ sub ktadd {
 $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
 }

+ # The way Heimdal works, you can only remove enctypes from a principal,
+ # not add them back in. So we need to run randkeyPrincipal first each
+ # time to restore all possible enctypes and then whittle them back down
+ # to those we have been asked for this time.
 my $kadmin = $self->{client};
+ eval { $kadmin->randKeyPrincipal ($principal) };
+ die "error creating keytab for $principal: could not reinit enctypes: $@"
+ if $@;
 my $princdata = eval { $kadmin->getPrincipal ($principal) };
 if ($@) {
 die "error creating keytab for $principal: $@";
@@ -144,8 +151,7 @@ sub ktadd {
 die "error creating keytab for $principal: principal does not exist";
 }

-    # Remove enctypes we don't want in this keytab. Must find all current
-    # keytypes, then remove those that do not match.
+ # Now actually remove any non-requested enctypes, if we requested any.
 if (@enctypes) {
 my (%wanted);
 my $alltypes = $princdata->getKeytypes ();
--
cgit v1.2.3
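Review bot: The new `randKeyPrincipal` call in the first hunk runs before the `getPrincipal` existence check, so the principal's keys are replaced before anything later in `ktadd` is known to succeed. If `getPrincipal` or a later step dies, the principal has presumably been rekeyed with no new keytab delivered, and a missing principal is likely reported as `could not reinit enctypes` instead of `principal does not exist`. Consider checking existence first, then rekeying, then fetching `$princdata` again so that `getKeytypes` sees the post-rekey list. Between the rekey and the pruning the principal also appears to hold every enctype the KDC supports, which deserves a line in the comment, for example `# NOTE: this rekeys the principal; the full enctype set is present until the pruning below completes.` The body of `ktadd` starts and ends outside this hunk, so the extraction step and any error handling around it are not visible here.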