diff options
author | Greg Hudson <ghudson@mit.edu> | 2020-08-10 12:44:21 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2020-11-03 11:55:43 -0500 |
commit | 3286cc45031141ce95f0a396b979831575054c58 (patch) | |
tree | c7779c78787657c10e7b5c42decaff7e618d6e6f | |
parent | 9e65436cb03d6f0ec93c6fdef68af8ed6077e997 (diff) | |
download | krb5-3286cc45031141ce95f0a396b979831575054c58.zip krb5-3286cc45031141ce95f0a396b979831575054c58.tar.gz krb5-3286cc45031141ce95f0a396b979831575054c58.tar.bz2 |
Set lockdown attribute when creating LDAP KDB
In kdb5_ldap_util, set lockdown_keys on the special principals when
creating an LDAP KDB, as we do in kdb5_util when creating a regular
KDB.
(cherry picked from commit 6cdf7d82e74f21fb8a37efe6b1bba45744f891ba)
ticket: 8936
version_fixed: 1.17.2
-rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index 5a745e2..1b79455 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -1338,7 +1338,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ, now, &db_create_princ))) goto cleanup; - entry.attributes = pblock->flags; + entry.attributes = pblock->flags | KRB5_KDB_LOCKDOWN_KEYS; entry.max_life = pblock->max_life; entry.max_renewable_life = pblock->max_rlife; entry.expiration = pblock->expiration; |