Remove admin_keytab references in code and docs

The admin keytab hasn't been needed or used by kadmind since 1.4
(except possibly by legacy admin daemons which we no longer ship).
Eliminate remaining references to it in code, test cases, and
documentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 1 insertions, 33 deletions

diff --git a/src/kadmin/server/kadmind.M b/src/kadmin/server/kadmind.M
index d54b7c215..83c67ec3e 100644
--- a/src/kadmin/server/kadmind.M
+++ b/src/kadmin/server/kadmind.M
@@ -32,19 +32,6 @@ understands a number of variable settings in this file, some of which are
 mandatory and some of which are optional.  See the CONFIGURATION VALUES
 section below.
 .TP
-keytab
-.B Kadmind
-requires a keytab containing correct entries for the 
-.I kadmin/admin
-and
-.I kadmin/changepw
-principals for every realm that kadmind will answer requests for.  The
-keytab can be created with the
-.IR kadmin (8)
-client.  The location of the keytab is determined by the
-.I admin_keytab
-configuration variable (see CONFIGURATION VALUES).
-.TP
 ACL file
 .BR Kadmind 's
 ACL (access control list) tells it which principals are allowed to
@@ -145,17 +132,6 @@ The path of kadmind's password dictionary.  A principal with any
 password policy will not be allowed to select any password in the
 dictionary.  Optional.  No default.
 .TP
-admin_keytab
-The name of the keytab containing entries for the principals
-.I kadmin/admin
-and
-.I kadmin/changepw
-in each realm that
-.B kadmind
-will serve.  The default is the value of the 
-.SM KRB5_KTNAME
-environment variable, if defined.  Mandatory.
-.TP
 kadmind_port
 The
 .SM TCP
diff --git a/src/kadmin/testing/proto/kdc.conf.proto b/src/kadmin/testing/proto/kdc.conf.proto
index 6f9edeb5b..943270d98 100644
--- a/src/kadmin/testing/proto/kdc.conf.proto
+++ b/src/kadmin/testing/proto/kdc.conf.proto
@@ -5,7 +5,6 @@
 	__REALM__ = {
 		profile = __K5ROOT__/krb5.conf
 		database_name = __K5ROOT__/kdb5
-		admin_keytab = __K5ROOT__/ovsec_adm.srvtab
 		key_stash_file = __K5ROOT__/.k5.__REALM__
 		acl_file = __K5ROOT__/ovsec_adm.acl
 		dict_file = __K5ROOT__/ovsec_adm.dict
diff --git a/src/kadmin/testing/tcl/util.t b/src/kadmin/testing/tcl/util.t
index 772160990..6751f89e6 100644
--- a/src/kadmin/testing/tcl/util.t
+++ b/src/kadmin/testing/tcl/util.t
@@ -29,8 +29,6 @@ proc config_params {masks values} {
 	    "KADM5_CONFIG_ADBNAME" {set params [lreplace $params 5 5 $value]}
 	    "KADM5_CONFIG_ADB_LOCKFILE" {
 		set params [lreplace $params 6 6 $value]}
-	    "KADM5_CONFIG_ADMIN_KEYTAB" {
-		set params [lreplace $params 7 7 $value]}
 	    "KADM5_CONFIG_ACL_FILE" {set params [lreplace $params 8 8 $value]}
 	    "KADM5_CONFIG_DICT_FILE" {
 		set params [lreplace $params 9 9 $value]}
diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c
index b33cf0a0f..0d9c7f11d 100644
--- a/src/kadmin/testing/util/tcl_kadm5.c
+++ b/src/kadmin/testing/util/tcl_kadm5.c
@@ -86,7 +86,6 @@ static struct flagval config_mask_flags[] = {
     {"KADM5_CONFIG_MAX_RLIFE", KADM5_CONFIG_MAX_RLIFE},
     {"KADM5_CONFIG_EXPIRATION", KADM5_CONFIG_EXPIRATION},
     {"KADM5_CONFIG_FLAGS", KADM5_CONFIG_FLAGS},
-    {"KADM5_CONFIG_ADMIN_KEYTAB", KADM5_CONFIG_ADMIN_KEYTAB},
     {"KADM5_CONFIG_STASH_FILE", KADM5_CONFIG_STASH_FILE},
     {"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE},
     {"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME},
@@ -1033,11 +1032,7 @@ static int parse_config_params(Tcl_Interp *interp, char *list,
     }
     /* Ignore argv[5], which used to set the admin_dbname field.  */
     /* Ignore argv[6], which used to set the admin_lockfile field.  */
-    if ((retcode = parse_str(interp, argv[7], &params->admin_keytab)) != TCL_OK) {
-        Tcl_AppendElement(interp, "while parsing admin_keytab name");
-        retcode = TCL_ERROR;
-        goto finished;
-    }
+    /* Ignore argv[7], which used to set the admin_keytab field.  */
     if ((retcode = parse_str(interp, argv[8], &params->acl_file)) != TCL_OK) {
         Tcl_AppendElement(interp, "while parsing acl_file name");
         retcode = TCL_ERROR;