From 84bc67a4964bd341b550bad89dc2d4a56dc875e6 Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Wed, 26 Sep 2007 17:35:28 +0000
Subject: Add support for deleting principals out of the AFS kaserver (optionally) if synchronization is not set.
---
 perl/Wallet/Object/Keytab.pm | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'perl/Wallet/Object')
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 293e41e..4ae8e10 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -548,8 +548,11 @@ sub get {
 my @sync = $self->attr ('sync');
 if (grep { $_ eq 'kaserver' } @sync) {
 unless ($self->kaserver_sync ($self->{name}, $file)) {
+ unlink $file;
 return undef;
 }
+ } elsif ($Wallet::Config::KEYTAB_AFS_DESTROY) {
+ $self->kaserver_destroy ($self->{name});
 }
 unlink $file;
 $self->log_action ('get', $user, $host, $time);
@@ -683,9 +686,15 @@ used.
 Retrieves a keytab for this object and returns the keytab data or undef on error. The caller should call error() to get the error message if get() returns undef. The keytab is created with C, invalidating any
-existing keytabs for that principal. PRINCIPAL, HOSTNAME, and DATETIME are
-stored as history information. PRINCIPAL should be the user who is
-downloading the keytab. If DATETIME isn't given, the current time is used.
+existing keytabs for that principal. PRINCIPAL, HOSTNAME, and DATETIME
+are stored as history information. PRINCIPAL should be the user who is
+downloading the keytab. If DATETIME isn't given, the current time is
+used.
+
+If the configuration variable $KEYTAB_AFS_DESTROY is set and the C
+attribute is not set to C, calling get() on a keytab object will
+cause the corresponding Kerberos v4 principal to be destroyed. This
+variable is not set by default.
 =back
-- cgit v1.2.3
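Review bot: The new `elsif` branch in the first hunk discards the result of `$self->kaserver_destroy ($self->{name})`, so when the destroy fails get() still unlinks the file, logs the `get` action and carries on, leaving the old Kerberos v4 principal and its key live in the kaserver even though the added POD says it will be destroyed. The `kaserver_sync` branch directly above treats failure as fatal; the destroy branch should do the same, e.g. `unless ($self->kaserver_destroy ($self->{name})) { unlink $file; return undef; }`. This assumes kaserver_destroy returns false and sets the object's error on failure the way kaserver_sync appears to; its definition is outside this patch view, and it should be confirmed that a principal that never existed in the kaserver counts as success so routine downloads do not start failing. get() begins and ends outside the hunk.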