From patch attached to http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349, at
http://krbdev.mit.edu/rt/Ticket/Attachment/23851/13214/kvno.diff, adjusted as
needed to apply to 1.6.1. FIXME: I'd like to better handle cases where we have
a new key with the right version stored later in the keytab file. Currently,
we're setting up to overlook that possibility.
diff -urN krb5-1.6.1.orig/src/kadmin/ktutil/ktutil.c krb5-1.6.1-230379/src/kadmin/ktutil/ktutil.c
--- krb5-1.6.1.orig/src/kadmin/ktutil/ktutil.c 2007-03-10 05:10:59.000000000 +0100
+++ krb5-1.6.1-230379/src/kadmin/ktutil/ktutil.c 2007-06-22 14:43:58.000000000 +0200
@@ -155,7 +155,7 @@
char *princ = NULL;
char *enctype = NULL;
krb5_kvno kvno = 0;
- int use_pass = 0, use_key = 0, i;
+ int use_pass = 0, use_key = 0, use_kvno = 0, i;
for (i = 1; i < argc; i++) {
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
@@ -164,6 +164,7 @@
}
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
kvno = (krb5_kvno) atoi(argv[++i]);
+ use_kvno++;
continue;
}
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
@@ -180,7 +181,7 @@
}
}
- if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
+ if (argc != 8 || !(princ && use_kvno && enctype) || (use_pass+use_key != 1)) {
fprintf(stderr, "usage: %s (-key | -password) -p principal "
"-k kvno -e enctype\n", argv[0]);
return;
diff -urN krb5-1.6.1.orig/src/lib/krb5/keytab/kt_file.c krb5-1.6.1-230379/src/lib/krb5/keytab/kt_file.c
--- krb5-1.6.1.orig/src/lib/krb5/keytab/kt_file.c 2007-01-27 03:07:08.000000000 +0100
+++ krb5-1.6.1-230379/src/lib/krb5/keytab/kt_file.c 2007-06-22 14:49:39.000000000 +0200
@@ -350,7 +350,7 @@
higher than that. Short-term workaround: only compare
the low 8 bits. */
- if (new_entry.vno == (kvno & 0xff)) {
+ if (new_entry.vno == (kvno & 0xff) || new_entry.vno == IGNORE_VNO) {
krb5_kt_free_entry(context, &cur_entry);
cur_entry = new_entry;
break;
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
e16d0c94ff2c9e93ba4eea60f7b68478
>
files
>
114
