diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-01-08 15:20:45 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-01-09 15:35:43 -0500 |
| commit | 0780e46fc13dbafa177525164997cd204cc50b51 (patch) | |
| tree | eacb2400a78bfab43bbc95cb8ab3055498da881b /src/include | |
| parent | 090f561c631db7e4970b71cbe1426d636c39c77a (diff) | |
| download | krb5-0780e46fc13dbafa177525164997cd204cc50b51.tar.gz krb5-0780e46fc13dbafa177525164997cd204cc50b51.tar.xz krb5-0780e46fc13dbafa177525164997cd204cc50b51.zip | |
Allow principals to refer to nonexistent policies
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.
In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.
ticket: 7385
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/kdb.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h index 1bfb5d0457..78d78c55cd 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -215,7 +215,7 @@ typedef struct _osa_policy_ent_t { krb5_ui_4 pw_min_length; krb5_ui_4 pw_min_classes; krb5_ui_4 pw_history_num; - krb5_ui_4 policy_refcnt; + krb5_ui_4 policy_refcnt; /* no longer used */ /* Only valid if version > 1 */ krb5_ui_4 pw_max_fail; /* pwdMaxFailure */ krb5_ui_4 pw_failcnt_interval; /* pwdFailureCountInterval */ |