krb5.git/doc/admin/admin_commands, branch keyring MIT Kerberos patches Clarify kpropd standalone mode documentation 2013-11-01T14:55:39+00:00 Greg Hudson ghudson@mit.edu 2013-10-30T22:22:00+00:00 bfec0671ca6df811453d46a2f47afc7168b980fc The kpropd -S option is no longer needed to run kpropd in standalone mode, but its functionality is not deprecated; standalone mode is automatically activated when appropriate. Clarify the kpropd documentation on standalone mode to avoid giving the impression that the mode is deprecated. ticket: 7751 (new) target_version: 1.12 tags: pullup 
The kpropd -S option is no longer needed to run kpropd in standalone
mode, but its functionality is not deprecated; standalone mode is
automatically activated when appropriate.  Clarify the kpropd
documentation on standalone mode to avoid giving the impression that
the mode is deprecated.

ticket: 7751 (new)
target_version: 1.12
tags: pullup
Use active master key in update_princ_encryption 2013-10-25T15:36:11+00:00 Greg Hudson ghudson@mit.edu 2013-10-23T15:55:19+00:00 4ccc18bc3ddc49d0fd0d2de00ec91c0fa44c53a8 kdb5_util update_princ_encryption should update to the active master key version, not the most recent. ticket: 6507 target_version: 1.12 tags: pullup 
kdb5_util update_princ_encryption should update to the active master
key version, not the most recent.

ticket: 6507
target_version: 1.12
tags: pullup
Omit signedpath if no_auth_data_required is set 2013-08-20T04:25:02+00:00 Greg Hudson ghudson@mit.edu 2013-08-20T00:01:03+00:00 eaaf406f5ab3224fc262da300476efa21b407bed The no_auth_data_required bit was introduced to suppress PACs in service tickets when the back end supports them. Make it also suppress AD-SIGNEDPATH, so that the ~70-byte expansion of the ticket can be avoided for services which aren't going to do constrained delegation. ticket: 7697 (new) 
The no_auth_data_required bit was introduced to suppress PACs in
service tickets when the back end supports them.  Make it also
suppress AD-SIGNEDPATH, so that the ~70-byte expansion of the ticket
can be avoided for services which aren't going to do constrained
delegation.

ticket: 7697 (new)
Add kadmin support for principals without keys 2013-07-15T16:31:38+00:00 Greg Hudson ghudson@mit.edu 2013-07-09T14:58:49+00:00 57d0b4b300e43722ae9f080fbf132edeb3834323 Add kadmin support for "addprinc -nokey", which creates a principal with no keys, and "purgekeys -all", which deletes all keys from a principal. The KDC was modified by #7630 to support principals without keys. ticket: 7679 (new) 
Add kadmin support for "addprinc -nokey", which creates a principal
with no keys, and "purgekeys -all", which deletes all keys from a
principal.  The KDC was modified by #7630 to support principals
without keys.

ticket: 7679 (new)
Document preauth flags for service principals 2013-05-31T17:09:45+00:00 Ben Kaduk kaduk@mit.edu 2013-05-30T22:49:36+00:00 7425e9b69566c241c54eb2686fb37f216122423f These flags are overloaded to mean different things for clients and servers; previously we only documented the client behavior. ticket: 7653 (new) tags: pullup target_version: 1.11.4 
These flags are overloaded to mean different things for clients and
servers; previously we only documented the client behavior.

ticket: 7653 (new)
tags: pullup
target_version: 1.11.4
Replace "First introduced" with concise "New" 2013-03-25T19:18:53+00:00 Zhanna Tsitkov tsitkova@mit.edu 2013-03-25T19:18:53+00:00 18d52ef70d7f518d78263f475b9ffad87f2c91e7 






Add support for k5srvutil -e keysalts
2013-03-11T18:34:17+00:00

Alex Dehnert
adehnert@mit.edu

2013-03-09T04:48:33+00:00

4b7517731a0bf1026ff5a9a6eb1cc16b52f6debb

k5srvutil is a little more convenient to use for rolling keys than
kadmin is.  When migrating off 1DES, though, it may be desirable to
explicitly specify the desired keysalts.  This adds an option, -e, to
k5srvutil to specify desired keysalts.

[ghudson@mit.edu: style fix; make whitespace in keysalt list work]

ticket: 7589 (new)





k5srvutil is a little more convenient to use for rolling keys than
kadmin is.  When migrating off 1DES, though, it may be desirable to
explicitly specify the desired keysalts.  This adds an option, -e, to
k5srvutil to specify desired keysalts.

[ghudson@mit.edu: style fix; make whitespace in keysalt list work]

ticket: 7589 (new)







Remove -b6 and -old dump formats
2013-02-04T23:53:26+00:00

Greg Hudson
ghudson@mit.edu

2013-02-04T23:43:22+00:00

581b1141d628ca01414bcae68e23d45320403dba

Get rid of the code to dump and load -b6 and -old format dump files.
Loading these versions hasn't worked since at least 1.3.

ticket: 7564 (new)





Get rid of the code to dump and load -b6 and -old format dump files.
Loading these versions hasn't worked since at least 1.3.

ticket: 7564 (new)







Note which release -x debug was added in
2013-01-29T18:20:33+00:00

Greg Hudson
ghudson@mit.edu

2013-01-29T18:16:05+00:00

a453a2c654f7c4ca447d336199f395b8fa305de8












Add LDAP debug DB option
2013-01-29T03:32:29+00:00

Greg Hudson
ghudson@mit.edu

2013-01-29T03:30:41+00:00

8cbbd80f11d85fb733fb1522cd19eb686b6d3fe8

Add a DB option in the LDAP KDB module to turn on debugging messages.
Adapted from a patch by Zoran Pericic <zpericic@inet.hr>.

ticket: 7551 (new)





Add a DB option in the LDAP KDB module to turn on debugging messages.
Adapted from a patch by Zoran Pericic <zpericic@inet.hr>.

ticket: 7551 (new)