diff options
author | Simo Sorce <ssorce@redhat.com> | 2011-06-10 14:24:18 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-08-26 08:24:49 -0400 |
commit | 229b9a209cabc0f9dbdd630c0753cb565fab99c5 (patch) | |
tree | ac349e2ef0bb6c7c904317e0f5ca958d6debf4a5 /daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | |
parent | 5746bbe92a82946a6fa8d8db2be54e075564535d (diff) | |
download | freeipa-229b9a209cabc0f9dbdd630c0753cb565fab99c5.tar.gz freeipa-229b9a209cabc0f9dbdd630c0753cb565fab99c5.tar.xz freeipa-229b9a209cabc0f9dbdd630c0753cb565fab99c5.zip |
ipa-pwd-extop: Use the proper mkvno number in keys
Setting 0 will work as MIT KDCs assume the current master key when that is
found. But it is a legacy compatibility mode and we should instead set the
proper mkvno number on keys so changeing master key becomes possible w/o
having to do a dump reload and stopping the service. This is especially
important in replicated environments.
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index d03579fa1..28b84f43b 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -680,8 +680,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) kset->major_vno = 1; kset->minor_vno = 1; kset->kvno = kvno; - /* we also assum mkvno is 0 */ - kset->mkvno = 0; + kset->mkvno = krbcfg->mkvno; kset->keys = NULL; kset->num_keys = 0; |