| author | Greg Hudson <ghudson@mit.edu> | 2010-10-05 14:53:09 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-10-05 14:53:09 +0000 |
| commit | 96f2a016991c199be477b6abd48824ec1cb6641f (patch) | |
| tree | c1d70a4b27bf8befad040b06c4831e842506fd51 /src/include | |
| parent | 0ce5cb2e9dc040f35a91bca8dcad68d10ed7ea8a (diff) | |
Propagate modprinc -unlock from master to slave KDCs
Create a new tl-data type to hold the time of the last administrative
unlock, and factor it into decisions about account lockout. Since
tl-data values are propagated from master to slave, this will cause
modprinc -unlock operations to reach slave KDCs on the next
propagation.
ticket: 6795
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/kdb.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h
index dac44ea551..4562279177 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -238,6 +238,7 @@ typedef struct __krb5_key_salt_tuple {
 #define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */
 #define KRB5_TL_LM_KEY 0x0500 /* LM OWF */
 #define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* <I>IssuerDN<S>SubjectDN */
+#define KRB5_TL_LAST_ADMIN_UNLOCK 0x0700 /* Timestamp of admin unlock */
 
 /* version number for KRB5_TL_ACTKVNO data */
 #define KRB5_TL_ACTKVNO_VER 1
@@ -494,6 +495,11 @@ krb5_dbe_update_last_pwd_change( krb5_context context,
 krb5_timestamp stamp);
 
 krb5_error_code
+krb5_dbe_update_last_admin_unlock( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp stamp);
+
+krb5_error_code
 krb5_dbe_lookup_tl_data( krb5_context context,
 krb5_db_entry * entry,
 krb5_tl_data * ret_tl_data);
@@ -523,6 +529,11 @@ krb5_dbe_lookup_last_pwd_change( krb5_context context,
 krb5_timestamp * stamp);
 
 krb5_error_code
+krb5_dbe_lookup_last_admin_unlock( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp * stamp);
+
+krb5_error_code
 krb5_dbe_delete_tl_data( krb5_context context,
 krb5_db_entry * entry,
 krb5_int16 tl_data_type); |
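Review bot: The prototype for `krb5_dbe_lookup_last_admin_unlock` in the third hunk does not say what `*stamp` holds when the entry has no `KRB5_TL_LAST_ADMIN_UNLOCK` tl-data, which is the state of every principal that was never unlocked and of every entry written before this change. The commit message says the value is factored into lockout decisions, so a caller needs to know whether absence is reported as an error or as a zero timestamp. A header comment such as `/* Sets *stamp to 0 if entry has no KRB5_TL_LAST_ADMIN_UNLOCK tl-data. */` would pin that down, assuming the implementation (not visible in this header-only diff) mirrors `krb5_dbe_lookup_last_pwd_change`. The `krb5_dbe_update_last_admin_unlock` prototype in the second hunk would also benefit from a one-line comment. It should state that `stamp` is recorded on the master and propagated, since a slave presumably compares it with failure times taken from its own clock — that comparison is inferred from the description, not shown here.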
