Update all principal records (or only those matching the
*princ-pattern* glob pattern) to re-encrypt the key data using the
-active database master key, if they are encrypted using older
-versions, and give a count at the end of the number of principals
+active database master key, if they are encrypted using a different
+version, and give a count at the end of the number of principals
updated. If the **-f** option is not given, ask for confirmation
before starting to make changes. The **-v** option causes each
principal processed to be listed, with an indication as to whether it
char *msg;
#endif
char *regexp = NULL;
- krb5_keyblock *tmp_keyblock = NULL;
+ krb5_keyblock *act_mkey;
krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
while ((optchar = getopt(argc, argv, "fnv")) != -1) {
goto cleanup;
}
- /* Master key is always stored encrypted in the latest version of
- itself. */
- new_mkvno = krb5_db_get_key_data_kvno(util_context,
- master_entry->n_key_data,
- master_entry->key_data);
-
- retval = krb5_dbe_find_mkey(util_context, master_entry, &tmp_keyblock);
+ retval = krb5_dbe_find_act_mkey(util_context, actkvno_list, &new_mkvno,
+ &act_mkey);
if (retval) {
- com_err(progname, retval, _("retrieving the most recent master key"));
+ com_err(progname, retval, _("while looking up active master key"));
exit_status++;
goto cleanup;
}
- new_master_keyblock = *tmp_keyblock;
+ new_master_keyblock = *act_mkey;
if (!force &&
!data.dry_run &&
projects / thirdparty / krb5.git / commitdiff
