From 1c84a94d25d62e4f78c09464f5ef9bd30bbb1e3e Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Mon, 4 Feb 2013 14:01:40 -0500
Subject: [PATCH] Simplify kdb5_util create using a null password

kadm5_create_principal now uses a random key if passed a null password, so we don't need a multi-step process to create admin principals when creating a database any more.
---
 src/kadmin/dbutil/kadm5_create.c | 37 ++++++--------------------------
 1 file changed, 7 insertions(+), 30 deletions(-)

diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index 567f5f5dc5..40f89a7ce2 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -291,39 +291,16 @@ int add_admin_princ(void *handle, krb5_context context,
 return(ERR);
 }
 ent.max_life = lifetime;
- ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
+ ent.attributes = attrs;
 
 ret = kadm5_create_principal(handle, &ent,
 (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
- "to-be-random");
- if (ret) {
- if (ret != KADM5_DUP) {
- com_err(progname, ret, _("while creating principal %s"), fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
- } else {
- /* only randomize key if we created the principal */
- ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
- if (ret) {
- com_err(progname, ret, _("while randomizing principal %s"),
- fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
-
- ent.attributes = attrs;
- ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
- if (ret) {
- com_err(progname, ret, _("while setting attributes on %s"),
- fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
+ KADM5_ATTRIBUTES), NULL);
+ if (ret && ret != KADM5_DUP) {
+ com_err(progname, ret, _("while creating principal %s"), fullname);
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+ return ERR;
 }
 
 krb5_free_principal(context, ent.principal);
--
2.47.2
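Review bot: The `NULL` password argument in the new `kadm5_create_principal(...)` call is undocumented at the call site, yet it is now the only thing keeping these admin principals from ever holding a known key; the removed code kept `KRB5_KDB_DISALLOW_ALL_TIX` set until `kadm5_randkey_principal` had succeeded. Per the commit message the library generates a random key for a null password, so I would add a comment above the call such as `/* NULL password: kadm5_create_principal picks a random key, so no placeholder password or DISALLOW_ALL_TIX window is needed. */`. If this change is ever backported, it should go only to branches whose `kadm5_create_principal` has that behaviour, because how an older library treats a null password is not visible here. The `KADM5_DUP` result is still tolerated silently in `if (ret && ret != KADM5_DUP)`, and the removed comment about only touching a principal we created has no replacement, so a one-line comment that an existing principal is left as it is would help. `add_admin_princ` begins and ends outside the hunk.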