diff options
| author | Simo Sorce <ssorce@redhat.com> | 2011-06-10 14:24:18 -0400 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2011-08-26 08:24:49 -0400 |
| commit | 229b9a209cabc0f9dbdd630c0753cb565fab99c5 (patch) | |
| tree | ac349e2ef0bb6c7c904317e0f5ca958d6debf4a5 /daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c | |
| parent | 5746bbe92a82946a6fa8d8db2be54e075564535d (diff) | |
| download | freeipa.git-229b9a209cabc0f9dbdd630c0753cb565fab99c5.tar.gz freeipa.git-229b9a209cabc0f9dbdd630c0753cb565fab99c5.tar.xz freeipa.git-229b9a209cabc0f9dbdd630c0753cb565fab99c5.zip | |
ipa-pwd-extop: Use the proper mkvno number in keys
Setting 0 will work as MIT KDCs assume the current master key when that is
found. But it is a legacy compatibility mode and we should instead set the
proper mkvno number on keys so changeing master key becomes possible w/o
having to do a dump reload and stopping the service. This is especially
important in replicated environments.
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c')
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c index 970d26b5..6be02f9f 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c @@ -298,8 +298,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, kset->minor_vno = 1; /* increment kvno (will be 1 if this is a new entry) */ kset->kvno = kvno + 1; - /* we also assum mkvno is 0 */ - kset->mkvno = 0; + kset->mkvno = krbcfg->mkvno; kset->num_keys = krbcfg->num_pref_encsalts; kset->keys = calloc(kset->num_keys, sizeof(struct ipapwd_krbkey)); |