authorGreg Hudson <ghudson@mit.edu>2010-02-11 16:07:08 +0000
committerGreg Hudson <ghudson@mit.edu>2010-02-11 16:07:08 +0000
commitfe68c6595b7f90ec6891b4dbb0b227ee859090e5 (patch)
tree4f895b242e5493408169ba48e897cc1c2859a380 /src/lib/kadm5/server_internal.h
parent079eed2cf749702f75ddc385cf943fbab931f9d8 (diff)
Minimal support for updating history key
Add minimal support for re-randomizing the history key: * cpw -randkey kadmin/history now works, but creates only one key. * cpw -randkey -keepold kadmin/history still fails. * libkadm5 no longer caches the history key. Performance impact is minimal since password changes are not common. * randkey no longer checks the newly randomized key against old keys, and the disabled code to do so in setkey/setv4key is gone, so now only kadm5_chpass_principal_3 accesses the password history. ticket: 6660 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5/server_internal.h')
-rw-r--r--src/lib/kadm5/server_internal.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
index 7f5875031..3276b2727 100644
--- a/src/lib/kadm5/server_internal.h
+++ b/src/lib/kadm5/server_internal.h
@@ -24,6 +24,15 @@
#include <kadm5/admin.h>
#include "admin_internal.h"
+/*
+ * This is the history key version for a newly created DB. We use this value
+ * for principals which have no password history yet to avoid having to look up
+ * the history key. Values other than 2 will cause compatibility issues with
+ * pre-1.8 libkadm5 code; the older code will reject key changes when it sees
+ * an unexpected value of admin_history_kvno.
+ */
+#define INITIAL_HIST_KVNO 2
+
typedef struct _kadm5_server_handle_t {
krb5_ui_4 magic_number;
krb5_ui_4 struct_version;
@@ -64,6 +73,9 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
char *r, int from_keyboard);
krb5_error_code kdb_init_hist(kadm5_server_handle_t handle,
char *r);
+krb5_error_code kdb_get_hist_key(kadm5_server_handle_t handle,
+ krb5_keyblock *hist_keyblock,
+ krb5_kvno *hist_kvno);
krb5_error_code kdb_get_entry(kadm5_server_handle_t handle,
krb5_principal principal, krb5_db_entry *kdb,
osa_princ_ent_rec *adb);
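Review bot: The new `kdb_get_hist_key` prototype does not say who owns the key material written to `hist_keyblock`. The commit message states that libkadm5 no longer caches the history key, so each caller presumably gets its own copy of the key and has to release it on every path, including error paths taken after the call has succeeded; the implementation is not part of this hunk, so that should be confirmed there. I would add a comment above the declaration along the lines of `/* On success, the caller must release *hist_keyblock with krb5_free_keyblock_contents(). */`, and also state whether `*hist_keyblock` and `*hist_kvno` are left untouched when the function fails. Without that contract in the header, a caller can easily leave history key bytes allocated on an early return.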