diff options
author | Alex Dehnert <adehnert@mit.edu> | 2013-03-08 23:48:33 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-03-11 14:34:17 -0400 |
commit | 4b7517731a0bf1026ff5a9a6eb1cc16b52f6debb (patch) | |
tree | 4285c2f1ee344f1f886e3503696c316976ddf197 /src/kadmin/cli | |
parent | ec217570e20d4702be2830235bad56184d47b1d2 (diff) | |
download | krb5-4b7517731a0bf1026ff5a9a6eb1cc16b52f6debb.tar.gz krb5-4b7517731a0bf1026ff5a9a6eb1cc16b52f6debb.tar.xz krb5-4b7517731a0bf1026ff5a9a6eb1cc16b52f6debb.zip |
Add support for k5srvutil -e keysalts
k5srvutil is a little more convenient to use for rolling keys than
kadmin is. When migrating off 1DES, though, it may be desirable to
explicitly specify the desired keysalts. This adds an option, -e, to
k5srvutil to specify desired keysalts.
[ghudson@mit.edu: style fix; make whitespace in keysalt list work]
ticket: 7589 (new)
Diffstat (limited to 'src/kadmin/cli')
-rwxr-xr-x | src/kadmin/cli/k5srvutil.sh | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/kadmin/cli/k5srvutil.sh b/src/kadmin/cli/k5srvutil.sh index e1284e6af4..050fa8776f 100755 --- a/src/kadmin/cli/k5srvutil.sh +++ b/src/kadmin/cli/k5srvutil.sh @@ -38,7 +38,7 @@ cmd_error() { } usage() { - echo "Usage: $0 [-i] [-f file] list|change|delete|delold" + echo "Usage: $0 [-i] [-f file] [-e keysalts] list|change|delete|delold" } @@ -47,7 +47,8 @@ change_key() { princs=`list_princs ` for princ in $princs; do if interactive_prompt "Change key " $princ; then - kadmin -k -t $keytab -p $princ -q "ktadd -k $keytab $princ" + kadmin -k -t $keytab -p $princ -q \ + "ktadd -k $keytab $keysalts $princ" fi done } @@ -74,6 +75,7 @@ delete_keys() { keytab=/etc/krb5.keytab interactive=0 +keysalts="" while [ $# -gt 0 ] ; do opt=$1 @@ -86,6 +88,10 @@ while [ $# -gt 0 ] ; do "-i") interactive=1 ;; + "-e") + keysalts="$keysalts -e \"$1\"" + shift + ;; change|delold|delete|list) set_command $opt ;; |