From: Greg Hudson Date: Mon, 4 Feb 2013 19:01:40 +0000 (-0500) Subject: Simplify kdb5_util create using a null password X-Git-Tag: krb5-1.12-alpha1~306 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c84a94d25d62e4f78c09464f5ef9bd30bbb1e3e;p=thirdparty%2Fkrb5.git Simplify kdb5_util create using a null password kadm5_create_principal now uses a random key if passed a null password, so we don't need a multi-step process to create admin principals when creating a database any more. --- diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c index 567f5f5dc5..40f89a7ce2 100644 --- a/src/kadmin/dbutil/kadm5_create.c +++ b/src/kadmin/dbutil/kadm5_create.c @@ -291,39 +291,16 @@ int add_admin_princ(void *handle, krb5_context context, return(ERR); } ent.max_life = lifetime; - ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX; + ent.attributes = attrs; ret = kadm5_create_principal(handle, &ent, (KADM5_PRINCIPAL | KADM5_MAX_LIFE | - KADM5_ATTRIBUTES), - "to-be-random"); - if (ret) { - if (ret != KADM5_DUP) { - com_err(progname, ret, _("while creating principal %s"), fullname); - krb5_free_principal(context, ent.principal); - free(fullname); - return ERR; - } - } else { - /* only randomize key if we created the principal */ - ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL); - if (ret) { - com_err(progname, ret, _("while randomizing principal %s"), - fullname); - krb5_free_principal(context, ent.principal); - free(fullname); - return ERR; - } - - ent.attributes = attrs; - ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES); - if (ret) { - com_err(progname, ret, _("while setting attributes on %s"), - fullname); - krb5_free_principal(context, ent.principal); - free(fullname); - return ERR; - } + KADM5_ATTRIBUTES), NULL); + if (ret && ret != KADM5_DUP) { + com_err(progname, ret, _("while creating principal %s"), fullname); + krb5_free_principal(context, ent.principal); + free(fullname); + return ERR; } krb5_free_principal(context, ent.principal);