rpms/krb5/devel kdc.conf, 1.14, 1.15 krb5.spec, 1.166, 1.167 kadmind.init, 1.13, 1.14

Nalin Somabhai Dahyabhai (nalin) fedora-extras-commits at redhat.com
Fri Apr 4 21:30:32 UTC 2008 

Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1767

Modified Files:
	kdc.conf krb5.spec kadmind.init 
Log Message:
- stop exporting kadmin keys to a keytab file when kadmind starts -- the
  daemon's been able to use the database directly for a long long time now
- belatedly add aes128,aes256 to the default set of supported key types



Index: kdc.conf
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/kdc.conf,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- kdc.conf	26 Jul 2007 18:36:57 -0000	1.14
+++ kdc.conf	4 Apr 2008 21:29:53 -0000	1.15
@@ -5,9 +5,9 @@
 
 [realms]
  EXAMPLE.COM = {
-  #master_key_type = des3-hmac-sha1
+  #master_key_type = aes256-cts
   acl_file = /var/kerberos/krb5kdc/kadm5.acl
   dict_file = /usr/share/dict/words
   admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
-  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
+  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  }


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.166
retrieving revision 1.167
diff -u -r1.166 -r1.167
--- krb5.spec	1 Apr 2008 20:54:54 -0000	1.166
+++ krb5.spec	4 Apr 2008 21:29:53 -0000	1.167
@@ -16,7 +16,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.3
-Release: 11%{?dist}
+Release: 12%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -231,6 +231,11 @@
 certificate.
 
 %changelog
+* Fri Apr  4 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-12
+- stop exporting kadmin keys to a keytab file when kadmind starts -- the
+  daemon's been able to use the database directly for a long long time now
+- belatedly add aes128,aes256 to the default set of supported key types
+
 * Tue Apr  1 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-11
 - libgssapi_krb5: properly export the acceptor subkey when creating a lucid
   context (Kevin Coffman, via the nfs4 mailing list)


Index: kadmind.init
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/kadmind.init,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- kadmind.init	2 Jan 2008 17:03:38 -0000	1.13
+++ kadmind.init	4 Apr 2008 21:29:53 -0000	1.14
@@ -38,15 +38,7 @@
 	    echo $"Error. This appears to be a slave server, found kpropd.acl"
 	    exit 6
 	else
-	[ -x $kadmind ] || exit 5
-  	    if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then
-		echo -n $"Extracting kadm5 Service Keys: "
-		# This should always work.
-		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure
-		# It's probably okay if this fails.
-		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/`hostname`${KRB5REALM:+@$KRB5REALM}" 2> /dev/null && success
-		echo
-	    fi
+	    [ -x $kadmind ] || exit 5
 	fi
 	echo -n $"Starting $prog: "
 	daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS

More information about the fedora-extras-commits mailing list