From 2651ef4352c8cc782c4e0f3175257f7bb0c1e495 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Thu, 18 Feb 2010 18:03:09 -0800
Subject: Rename functions in Wallet::Kadmin API

Now that we support multiple versions of Kerberos, use generic names
for the functions in the Wallet::Kadmin interface rather than the
commands from the MIT kadmin interface.
---
 perl/Wallet/Object/Keytab.pm | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

(limited to 'perl/Wallet/Object')

diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 760280f..66c5e6a 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -289,7 +289,7 @@ sub create {
     my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 };
     $kadmin->fork_callback ($callback);
 
-    if (not $kadmin->addprinc ($name)) {
+    if (not $kadmin->create ($name)) {
         die $kadmin->error, "\n";
     }
     $self = $class->SUPER::create ($type, $name, $dbh, $creator, $host, $time);
@@ -318,7 +318,7 @@ sub destroy {
         return;
     }
     my $kadmin = $self->{kadmin};
-    if (not $kadmin->delprinc ($self->{name})) {
+    if (not $kadmin->destroy ($self->{name})) {
         $self->error ($kadmin->error);
         return;
     }
@@ -350,7 +350,7 @@ sub get {
     unlink $file;
     my @enctypes = $self->attr ('enctypes');
     my $kadmin = $self->{kadmin};
-    if (not $kadmin->ktadd ($self->{name}, $file, @enctypes)) {
+    if (not $kadmin->keytab ($self->{name}, $file, @enctypes)) {
         $self->error ($kadmin->error);
         return;
     }
@@ -520,19 +520,14 @@ used.
 
 =item KEYTAB_TMP/keytab.<pid>
 
-The keytab is created in this file using C<ktadd> and then read into
-memory.  KEYTAB_TMP is set in the wallet configuration, and <pid> is the
-process ID of the current process.  The file is unlinked after being read.
+The keytab is created in this file and then read into memory.  KEYTAB_TMP
+is set in the wallet configuration, and <pid> is the process ID of the
+current process.  The file is unlinked after being read.
 
 =back
 
 =head1 LIMITATIONS
 
-Currently, when used with MIT Kerberos, this implementation calls an
-external B<kadmin> program rather than using a native Perl module and
-therefore requires B<kadmin> be installed and parses its output.  It may
-miss some error conditions if the output of B<kadmin> ever changes.
-
 Only one Kerberos realm is supported for a given wallet implementation and
 all keytab objects stored must be in that realm.  Keytab names in the
 wallet database do not have realm information.
-- 
cgit v1.2.3