diff options
author | Greg Hudson <ghudson@mit.edu> | 2020-08-10 12:44:21 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2020-11-03 11:55:39 -0500 |
commit | 53133fd6aa41a709e438e8d71eb39475044bc0da (patch) | |
tree | 13e0f577b4723ca5bfe1facef86c2c12c5a66e70 | |
parent | 8c9443436739ef640062f619aff55f4413a946f0 (diff) | |
download | krb5-53133fd6aa41a709e438e8d71eb39475044bc0da.zip krb5-53133fd6aa41a709e438e8d71eb39475044bc0da.tar.gz krb5-53133fd6aa41a709e438e8d71eb39475044bc0da.tar.bz2 |
Set lockdown attribute when creating LDAP KDB
In kdb5_ldap_util, set lockdown_keys on the special principals when
creating an LDAP KDB, as we do in kdb5_util when creating a regular
KDB.
(cherry picked from commit 6cdf7d82e74f21fb8a37efe6b1bba45744f891ba)
ticket: 8936
version_fixed: 1.18.3
-rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index c21d199..94d58ed 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -1337,7 +1337,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ, now, &db_create_princ))) goto cleanup; - entry.attributes = pblock->flags; + entry.attributes = pblock->flags | KRB5_KDB_LOCKDOWN_KEYS; entry.max_life = pblock->max_life; entry.max_renewable_life = pblock->max_rlife; entry.expiration = pblock->expiration; |