Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
From: ghudson@mit.edu
Subject: git commit
Content-Length: 1116


Limit -keepold for self-service key changes

In libkadm5, change the type of the keepold parameters from
krb5_boolean to unsigned int (which is the underlying type of
krb5_boolean, so this is not an API or ABI change).  In libkadm5srv,
interpret a keepold value greater than 2 to be a limit on the number
of resulting key versions including the new one.

In kadmind, when a principal changes its own keys, limit the number of
resulting key versions to 5.

https://github.com/krb5/krb5/commit/b43ac6b2b02b0d81370aab337d31159aba219ed6
Author: Greg Hudson <ghudson@mit.edu>
Commit: b43ac6b2b02b0d81370aab337d31159aba219ed6
Branch: master
 src/include/kdb.h                     |  8 +++---
 src/kadmin/server/server_stubs.c      | 47 +++++++++++++++++++++++++++--------
 src/lib/kadm5/admin.h                 |  8 +++---
 src/lib/kadm5/clnt/client_principal.c |  8 +++---
 src/lib/kadm5/srv/svr_principal.c     |  8 +++---
 src/lib/kdb/kdb_cpw.c                 | 46 ++++++++++++++++++----------------
 src/tests/t_keyrollover.py            | 25 +++++++++++++++++++
 7 files changed, 103 insertions(+), 47 deletions(-)