Master Key Migration Project

Commit for the Master Key Migration Project.
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration

This commit provides the ability to add a new master key (with an
enctype differing from the current master key) to the master key
principal and stash file and then migrate the encryption of existing
principals long term keys to use the new master key.  In addition
deletion of master keys is provided. 

ticket: 6354

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 6 insertions, 0 deletions

diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 573a2c04c7..81e74758fb 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -98,6 +98,7 @@ void *global_server_handle;
 #define OVSEC_KADM_CHANGEPW_SERVICE	"ovsec_adm/changepw"
 
 extern krb5_keyblock master_keyblock;
+extern krb5_keylist_node  *master_keylist;
 
 char *build_princ_name(char *name, char *realm);
 void log_badauth(OM_uint32 major, OM_uint32 minor,
@@ -395,6 +396,11 @@ int main(int argc, char *argv[])
 	  krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
 	  goto kterr;
      }
+     ret = krb5_db_set_mkey_list(hctx, master_keylist);
+     if (ret) {
+	  krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");
+	  goto kterr;
+     }
      ret = krb5_kt_register(context, &krb5_kt_kdb_ops);
      if (ret) {
 	  krb5_klog_syslog(LOG_ERR, "Can't register kdb keytab.");