summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2011-06-10 14:24:18 -0400
committerSimo Sorce <ssorce@redhat.com>2011-08-26 08:24:49 -0400
commit229b9a209cabc0f9dbdd630c0753cb565fab99c5 (patch)
treeac349e2ef0bb6c7c904317e0f5ca958d6debf4a5 /daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
parent5746bbe92a82946a6fa8d8db2be54e075564535d (diff)
downloadfreeipa-229b9a209cabc0f9dbdd630c0753cb565fab99c5.tar.gz
freeipa-229b9a209cabc0f9dbdd630c0753cb565fab99c5.tar.xz
freeipa-229b9a209cabc0f9dbdd630c0753cb565fab99c5.zip
ipa-pwd-extop: Use the proper mkvno number in keys
Setting 0 will work as MIT KDCs assume the current master key when that is found. But it is a legacy compatibility mode and we should instead set the proper mkvno number on keys so changeing master key becomes possible w/o having to do a dump reload and stopping the service. This is especially important in replicated environments.
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c')
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index d03579fa1..28b84f43b 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -680,8 +680,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
kset->major_vno = 1;
kset->minor_vno = 1;
kset->kvno = kvno;
- /* we also assum mkvno is 0 */
- kset->mkvno = 0;
+ kset->mkvno = krbcfg->mkvno;
kset->keys = NULL;
kset->num_keys = 0;