author | Russ Allbery <rra@stanford.edu> | 2007-04-16 21:35:01 +0000 |
committer | Russ Allbery <rra@stanford.edu> | 2007-04-16 21:35:01 +0000 |
commit | 4fc0ae1c5a5abdd76e1e75f96b81b37be5595a5e (patch) | |
tree | 071d4d59f3f955acbb5ddfffac2d7459ac987fef /src/kadmin | |
parent | 6a8de28f968b5e22f84348a27f566f953c02db7d (diff) | |
Add support for extracting existing keys from the KDC with kadmin.local.
Adds a -norandkey option to the ktadd command only in kadmin.local, and
adds a new function to the libkadm5srv library that kadmin.local can
call. There is no protocol or network access to this function.
Ticket: 914
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19474 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin')
-rw-r--r-- | src/kadmin/cli/kadmin.M | 22 | ||||
-rw-r--r-- | src/kadmin/cli/keytab.c | 27 |
2 files changed, 47 insertions, 2 deletions
diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M
index 20958e88e6..7739bbbbe3 100644
--- a/src/kadmin/cli/kadmin.M
+++ b/src/kadmin/cli/kadmin.M
@@ -749,11 +749,29 @@ kadmin:
 .TP
 \fBktadd\fP [\fB\-k\fP \fIkeytab\fP] [\fB\-q\fP] [\fB\-e\fP \fIkeysaltlist\fP]
 .br
-[\fIprincipal\fP | \fB\-glob\fP \fIprinc-exp\fP] [\fI...\fP]
+[\fB\-norandkey\fP] [[\fIprincipal\fP | \fB\-glob\fP \fIprinc-exp\fP] [\fI...\fP]
 .br
 Adds a principal or all principals matching
 .I princ-exp
-to a keytab, randomizing each principal's key in the process. Requires the
+to a keytab.
+It randomizes each principal's key in the process, to prevent a
+compromised admin account from reading out all of the keys from the
+database. However,
+.B kadmin.local
+has the
+.B \-norandkey
+option, which leaves the keys and their version numbers unchanged,
+similar to the Kerberos V4
+.B ext_srvtab
+command.
+That allows users to continue to use the passwords they know
+to login normally, while simultaneously allowing scripts
+to login to the same account using a keytab.
+There is no significant security risk added since
+.B kadmin.local
+must be run by root on the KDC anyway.
+.sp
+Requires the
 .I inquire
 and
 .I changepw
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index d0fca77d5a..297b7994ea 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -55,9 +55,17 @@ static char *etype_string(krb5_enctype enctype);
 
 static int quiet;
 
+#ifdef KADMIN_LOCAL
+static int norandkey;
+#endif
+
 static void add_usage()
 {
+#ifdef KADMIN_LOCAL
+ fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]\n");
+#else
 fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob princ-exp] [...]\n");
+#endif
 }
 
 static void rem_usage()
@@ -126,6 +134,9 @@ void kadmin_keytab_add(int argc, char **argv)
 
 argc--; argv++;
 quiet = 0;
+#ifdef KADMIN_LOCAL
+ norandkey = 0;
+#endif
 while (argc) {
 if (strncmp(*argv, "-k", 2) == 0) {
 argc--; argv++;
@@ -136,6 +147,10 @@ void kadmin_keytab_add(int argc, char **argv)
 keytab_str = *argv;
 } else if (strcmp(*argv, "-q") == 0) {
 quiet++;
+#ifdef KADMIN_LOCAL
+ } else if (strcmp(*argv, "-norandkey") == 0) {
+ norandkey++;
+#endif
 } else if (strcmp(*argv, "-e") == 0) {
 argc--;
 if (argc < 1) {
@@ -160,6 +175,13 @@ void kadmin_keytab_add(int argc, char **argv)
 return;
 }
 
+#ifdef KADMIN_LOCAL
+ if (norandkey && ks_tuple) {
+ fprintf(stderr, "cannot specify keysaltlist when not changing key\n");
+ return;
+ }
+#endif
+
 if (process_keytab(context, &keytab_str, &keytab))
 return;
 
@@ -261,6 +283,11 @@ int add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
 goto cleanup;
 }
 
+#ifdef KADMIN_LOCAL
+ if (norandkey)
+ code = kadm5_get_principal_keys(handle, princ, &keys, &nkeys);
+ else
+#endif
 if (keepold || ks_tuple != NULL) {
 code = kadm5_randkey_principal_3(lhandle, princ, keepold,
 n_ks_tuple, ks_tuple,
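Review bot: The new `kadm5_get_principal_keys(handle, princ, &keys, &nkeys)` call in add_principal passes `handle`, a name that is not among the function's parameters, while the `kadm5_randkey_principal_3` call two lines below uses the `lhandle` parameter; if `handle` is the file-scope kadmin handle this presumably only works because kadmin.local opens both on the same local connection, so either pass `lhandle` here for consistency or add a comment saying why the global is used. The `else` left dangling before `#endif` binds to whichever statement follows the preprocessor block, so a later insertion between `#endif` and `if (keepold || ks_tuple != NULL)` would silently change which path sets `code`; a comment such as `/* the norandkey branch chains into the randkey if/else below */` or braces around the whole chain would make that explicit. With `-norandkey`, `keys` now holds the principal's long-term keys rather than freshly randomized ones, so the cleanup path, which lies outside this hunk, should be confirmed to clear the key data before freeing it. add_principal starts and ends outside the hunk.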