+Wed Oct 18 14:25:29 1995 <tytso@rsts-11.mit.edu>
+
+ * kdb5_create.c (main): Add new option 's' which automatically
+ stashes the master key in the key stash file. This
+ eliminates the need for the admin to type kdb5_stash right
+ after kdb5_create.
+
Wed Sep 13 19:02:50 1995 Theodore Y. Ts'o <tytso@dcl>
* kdb5_create.c (tgt_keysalt_iterate): Don't bash the master key
char *mkey_fullname;
char *defrealm;
char *pw_str = 0;
+ char *keyfile = 0;
int pw_size = 0;
int enctypedone = 0;
+ int do_stash = 0;
krb5_data pwd;
krb5_context context;
krb5_realm_params *rparams;
if (strrchr(argv[0], '/'))
argv[0] = strrchr(argv[0], '/')+1;
- while ((optchar = getopt(argc, argv, "d:r:k:M:e:P:")) != EOF) {
+ while ((optchar = getopt(argc, argv, "d:r:k:M:e:P:sf:")) != EOF) {
switch(optchar) {
case 'd': /* set db name */
dbname = optarg;
else
com_err(argv[0], 0, "%s is an invalid enctype", optarg);
break;
+ case 's':
+ do_stash++;
+ break;
+ case 'f':
+ keyfile = optarg;
+ break;
case 'M': /* master key name in DB */
mkey_name = optarg;
break;
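Review bot: The new `case 's':` and `case 'f':` arms have no inline comment, unlike their neighbours (`/* set db name */`, `/* master key name in DB */`), and in the visible hunks `keyfile` is only read by the `krb5_db_store_mkey` call that is gated on `do_stash`. If that holds for the rest of main(), `-f` given without `-s` is accepted and silently ignored. I would annotate them as `case 's': /* stash the master key after creating the db */` and `case 'f': /* stash file name; only used together with -s */`. The ChangeLog entry in this commit names only `s`, so `f` should be recorded there as well, and in the usage text if it lists options (not visible here).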
rparams->realm_keysalts = (krb5_key_salt_tuple *) NULL;
}
+ /* Get the value for the stash file */
+ if (rparams->realm_stash_file && !keyfile)
+ keyfile = strdup(rparams->realm_stash_file);
+
krb5_free_realm_params(context, rparams);
}
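Review bot: The result of `strdup(rparams->realm_stash_file)` is not checked, so on allocation failure `keyfile` stays NULL and is later passed to `krb5_db_store_mkey`. What a NULL file name means there is not visible in this diff; if it selects a default path, the master key would be written somewhere other than the stash file configured for the realm, without any message. I would fail loudly instead: `if (!(keyfile = strdup(rparams->realm_stash_file))) { com_err(argv[0], ENOMEM, "while copying stash file name"); exit(1); }`. Note also that `keyfile` now points either at `optarg` or at heap memory, so any later cleanup must not free it unconditionally.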
com_err(argv[0], retval, "while adding entries to the database");
exit(1);
}
+ if (do_stash &&
+ ((retval = krb5_db_store_mkey(context, keyfile, master_princ,
+ &master_keyblock)))) {
+ com_err(argv[0], errno, "while storing key");
+ printf("Warning: couldn't stash master key.\n");
+ }
/* clean up */
(void) krb5_db_fini(context);
(void) krb5_finish_key(context, &master_encblock);
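Review bot: The failure branch reports `errno` although the status of `krb5_db_store_mkey` was just assigned to `retval`; `errno` may be stale or unrelated at that point, and the `com_err` call a few lines above passes `retval`. It should read `com_err(argv[0], retval, "while storing key");`. The warning is also written to stdout with `printf` and execution falls through to the normal cleanup, so a script that runs this with `-s` presumably sees a successful exit even though no stash file was written. I would send the warning to stderr and consider a non-zero exit status, or at least tell the operator to run kdb5_stash by hand. main() continues outside this hunk, so the exit path is inferred.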