author | Greg Hudson <ghudson@mit.edu> | 2013-02-04 14:01:40 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-02-04 16:53:50 -0500 |
commit | 1c84a94d25d62e4f78c09464f5ef9bd30bbb1e3e (patch) | |
tree | 3eff533e2ce72f949e2b29b78030132c1477f9cf | |
parent | 1b7f7eef8a95bda0135159b2c06a168b56d9f42b (diff) | |
Simplify kdb5_util create using a null password
kadm5_create_principal now uses a random key if passed a null
password, so we don't need a multi-step process to create admin
principals when creating a database any more.
-rw-r--r-- | src/kadmin/dbutil/kadm5_create.c | 37 |
1 files changed, 7 insertions, 30 deletions
diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index 567f5f5dc5..40f89a7ce2 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -291,39 +291,16 @@ int add_admin_princ(void *handle, krb5_context context,
 return(ERR);
 }
 ent.max_life = lifetime;
- ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
+ ent.attributes = attrs;
 ret = kadm5_create_principal(handle, &ent, (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
- "to-be-random");
- if (ret) {
- if (ret != KADM5_DUP) {
- com_err(progname, ret, _("while creating principal %s"), fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
- } else {
- /* only randomize key if we created the principal */
- ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
- if (ret) {
- com_err(progname, ret, _("while randomizing principal %s"),
- fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
-
- ent.attributes = attrs;
- ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
- if (ret) {
- com_err(progname, ret, _("while setting attributes on %s"),
- fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
+ KADM5_ATTRIBUTES), NULL);
+ if (ret && ret != KADM5_DUP) {
+ com_err(progname, ret, _("while creating principal %s"), fullname);
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+ return ERR;
 }
 krb5_free_principal(context, ent.principal); |
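Review bot: The `NULL` password argument to `kadm5_create_principal` is now the only thing giving these admin principals an unguessable key, and nothing at the call site says so. The temporary `KRB5_KDB_DISALLOW_ALL_TIX` attribute and the follow-up `kadm5_randkey_principal` call that used to cover a fixed placeholder password are both removed, so a later edit that swaps `NULL` for a string would create ticket-capable admin principals with a known password. A comment above the call would record the dependency, for example `/* NULL password: kadm5_create_principal generates a random key. */`. The merged test `if (ret && ret != KADM5_DUP)` still treats an already-existing principal as success without touching its key or attributes; a short `/* An existing principal is left as it is. */` there would mark that as deliberate. The body of add_admin_princ starts and ends outside the hunk.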