code doesn't get dragged in twice.
kdc_util.c (validate_as_request): Allow a client to obtain a password
changing ticket, even if the client's key is expired.
main.c (usage, process_args, main): The KDC will disassociate itself
from the terminal by default, unless the -n option is given.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5148
dc483132-0cff-0310-8789-
dd5450dbe970
+Tue Mar 14 15:25:38 1995 <tytso@rsx-11.mit.edu>
+
+ * configure.in, Makefile.in: Use the libdes425 library so that the
+ DES code doesn't get dragged in twice.
+
+ * kdc_util.c (validate_as_request): Allow a client to obtain a
+ password changing ticket, even if the client's key is
+ expired.
+
+ * main.c (usage, process_args, main): The KDC will disassociate
+ itself from the terminal by default, unless the -n option
+ is given.
+
Thu Mar 2 12:16:50 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
kdc5_err.o: kdc5_err.h
krb5kdc: $(OBJS) $(KDBDEPLIB) $(DEPKLIB)
- $(CC) $(CFLAGS) -o krb5kdc $(OBJS) $(KDBLIB) $(KLIB) $(K4LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o krb5kdc $(OBJS) $(KDBLIB) $(K4LIB) $(KLIB) $(LIBS)
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
[ --with-krb4=KRB4DIR build with Kerberos V4 backwards compatibility],
ADD_DEF(-DKRB4)
ADD_DEF(-DBACKWARD_COMPAT)
-K4LIB='$(KRB4)/lib/libkrb.a $(TOPLIBD)/libdes425.a $(KRB4)/lib/libdes.a',
+K4LIB='$(KRB4)/lib/libkrb.a $(TOPLIBD)/libdes425.a',
echo "warning: no krb4 support will be built in kdc"
K4LIB=)
AC_SUBST(K4LIB)
return KDC_ERR_BADOPTION;
}
- /* The client's password must not be expired */
- if (client.pw_expiration && client.pw_expiration < kdc_time) {
+ /* The client's password must not be expired, unless the server is
+ a KRB5_KDC_PWCHANGE_SERVICE. */
+ if (client.pw_expiration && client.pw_expiration < kdc_time &&
+ !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
*status = "CLIENT KEY EXPIRED";
#ifdef KRBCONF_VAGUE_ERRORS
return(KRB_ERR_GENERIC);
#include "extern.h"
#include "kdc5_err.h"
+static int nofork = 0;
+
static void
kdc_com_err_proc(whoami, code, format, pvar)
const char *whoami;
usage(name)
char *name;
{
- fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterkeytype] [-M masterkeyname] [-p port]\n", name);
+ fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterkeytype] [-M masterkeyname] [-p port] [-n]\n", name);
return;
}
extern char *optarg;
- while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:")) != EOF) {
+ while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:n")) != EOF) {
switch(c) {
case 'r': /* realm name for db */
db_realm = optarg;
case 'M': /* master key name in DB */
mkey_name = optarg;
break;
+ case 'n':
+ nofork++; /* don't detach from terminal */
+ break;
case 'k': /* keytype for master key */
master_keyblock.keytype = atoi(optarg);
keytypedone++;
finish_args(argv[0]);
return 1;
}
+ if (!nofork && daemon(0, 0)) {
+ com_err(argv[0], errno, "while detaching from tty");
+ finish_args(argv[0]);
+ return 1;
+ }
syslog(LOG_INFO, "commencing operation");
if (retval = listen_and_process(argv[0])){
com_err(argv[0], retval, "while processing network requests");
projects / krb5.git / commitdiff