From 53133fd6aa41a709e438e8d71eb39475044bc0da Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Mon, 10 Aug 2020 12:44:21 -0400
Subject: Set lockdown attribute when creating LDAP KDB

In kdb5_ldap_util, set lockdown_keys on the special principals when creating an LDAP KDB, as we do in kdb5_util when creating a regular KDB.

(cherry picked from commit 6cdf7d82e74f21fb8a37efe6b1bba45744f891ba)

ticket: 8936
version_fixed: 1.18.3
---
 src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index c21d199..94d58ed 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -1337,7 +1337,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
 now, &db_create_princ)))
 goto cleanup;
 
- entry.attributes = pblock->flags;
+ entry.attributes = pblock->flags | KRB5_KDB_LOCKDOWN_KEYS;
 entry.max_life = pblock->max_life;
 entry.max_renewable_life = pblock->max_rlife;
 entry.expiration = pblock->expiration;
-- 
cgit v1.1
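Review bot: The new assignment ORs `KRB5_KDB_LOCKDOWN_KEYS` into `entry.attributes` for every principal that passes through `kdb_ldap_create_principal`, while the commit message scopes the change to the special principals; nothing in the hunk shows that restriction. The function begins and ends outside the hunk, so its callers may well be limited to realm creation, but that assumption deserves a comment on the line, for example `/* Only the realm's special principals are created here; lockdown_keys keeps their keys from leaving the KDC through kadmind. */`. Because the flag is applied at creation time only, LDAP realms created before this change presumably keep their special principals without it, which is worth a sentence in the release notes or admin documentation so operators know to set the attribute themselves.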