From: Greg Hudson Date: Mon, 10 Aug 2020 16:44:21 +0000 (-0400) Subject: Set lockdown attribute when creating LDAP KDB X-Git-Tag: krb5-1.19-beta1~44 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cdf7d82e74f21fb8a37efe6b1bba45744f891ba;p=thirdparty%2Fkrb5.git Set lockdown attribute when creating LDAP KDB In kdb5_ldap_util, set lockdown_keys on the special principals when creating an LDAP KDB, as we do in kdb5_util when creating a regular KDB. ticket: 8936 (new) tags: pullup target_version: 1.18-next target_version: 1.17-next --- diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index ae1afd4a9c..bb5bae5baf 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -1304,7 +1304,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ, now, &db_create_princ))) goto cleanup; - entry.attributes = pblock->flags; + entry.attributes = pblock->flags | KRB5_KDB_LOCKDOWN_KEYS; entry.max_life = pblock->max_life; entry.max_renewable_life = pblock->max_rlife; entry.expiration = pblock->expiration;
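Review bot: In the `@@ -1304,7 +1304,7 @@` hunk of kdb5_ldap_realm.c, `KRB5_KDB_LOCKDOWN_KEYS` is OR-ed into `entry.attributes` unconditionally, so every principal that goes through `kdb_ldap_create_principal()` gets the flag, while the commit message scopes it to "the special principals". If this helper is only ever called for those principals at realm creation, a short comment above `entry.attributes = pblock->flags | KRB5_KDB_LOCKDOWN_KEYS;` saying so would keep a future caller from locking down an ordinary principal by accident; otherwise, have the caller set the bit in `pblock->flags` for the special principals and leave this assignment as it was. The change also only takes effect when a new LDAP KDB is created, and nothing in this diff touches special principals in a realm that already exists, so the ticket or release notes should say whether administrators of existing LDAP realms need to set the attribute themselves.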