From 0780e46fc13dbafa177525164997cd204cc50b51 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 8 Jan 2013 15:20:45 -0500
Subject: Allow principals to refer to nonexistent policies

Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.

In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.

ticket: 7385
---
 src/include/kdb.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/include')

diff --git a/src/include/kdb.h b/src/include/kdb.h
index 1bfb5d045..78d78c55c 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -215,7 +215,7 @@ typedef struct _osa_policy_ent_t {
     krb5_ui_4       pw_min_length;
     krb5_ui_4       pw_min_classes;
     krb5_ui_4       pw_history_num;
-    krb5_ui_4       policy_refcnt;
+    krb5_ui_4       policy_refcnt;              /* no longer used */
     /* Only valid if version > 1 */
     krb5_ui_4       pw_max_fail;                /* pwdMaxFailure */
     krb5_ui_4       pw_failcnt_interval;        /* pwdFailureCountInterval */
-- 
cgit