Well, as long as I'm complaining about omissions in the kadm5_hook interface, here's another one *(looks like my dream of getting rid of a local mod is nowjust swapping a local mod for a slightly less obnoxious local mod)*.
ret = k5_kadm5_hook_chpass(handle->context, handle->hook_handles, *handle->current_caller*, KADM5_HOOK_STAGE_PRECOMMIT, principal, keepold, new_n_ks_tuple, new_ks_tuple, NULL); Because we do bi-directional password sync (MIT KDC <--> WinAD KDC), we need a way to prevent an endless loop of the same password change going around and around forever. I'm open to better suggestions, but what we've used thus far is to look at which principal (handle->current_caller) is making the update and if it is the ADsyncer, then the MIT side doesn't send the update back. John On Sat, May 2, 2015 at 10:44 PM, John Hascall <j...@iastate.edu> wrote: > I wasn't exactly sure how you intended the major/minor version numbering > business to work, but here's a set of patches (based off of 1.13.1) which > add a rename function to a version 2 of kadm5_hook_vftable: > > kadm5_ret_t (*rename)(krb5_context ctx, > kadm5_hook_modinfo *modinfo, > int stage, > krb5_principal source, /* old name */ > krb5_principal target); /* new name */ > > Are we the only place which makes much use of rename? > > John > ------------------------->8--------- snippy snip > ---------8<------------------- > begin 440 kadm5_hook_rename_patches.tgz > M'XL(`"J6154``^U:ZW/:1A#/U_)7;"<S'5["DD#@X#IC-W433_S(.$Z_:@0Z > M0$7H-)(@(1G_[]T]22"$>"1V2*:]WR0\Q-W>/NY^>[M)X]GWAZJVU(YAX+M` > M_EU\UG1#U_1VJZ-VZ'FGTS:>&0?0[=DTC*P`X%G`>;1MW,<18^XA%#HL&D=A > MT%<<K^].;::,@YZAC"U[8I@CSL>F[TZ'CM<8/6X-55/5=JNU*?Y&$V.=QK_= > MIGVBM=L='/\T)F['_SS^BJ(`[H"C9`<<T0XX*M@!#1XXPU]T53,455<T#72M > MJ[6[K69C<89!4=NJ6JK5:GM)3(21/-#T;E/KMHY7A!DH[.P,E+9:;T,-7SMP > M=E8"J-)?4."5%480C1C,(JOG,O"YXT4L`"L$R_<#[@>.%3$8\``FUC_FC`5= > M,9.0/(#34]"ZB20.&2UG`R'4U$JU]2GZUBEZ1L=+SXD<RW4^,Z'IA$4C;H?` > M!QG%ZQ!&W/<=;UBD.HY+M`ZGON\ZS(:)XY$F#8!;/W*X9[D+P1-K#CT&+AM$ > M,/6<Q>IV0[A2:ZGU%M2TEE8W7L3>1!Q5X<*S22F4C$NB[!#%@M:`ZE$)'@K] > M<E*"4BV:^\QF`S0@F/:CE7&)+TQTTY=2#;TH%JK".43L4T0SR&#'9E[D#.;T > MF3P2;PYAN,N'0WH\86%H#5DHE!%B^MQ#J?T1GMNJ9TW8259^QN-6*F["[:G+ > M&O$@].69;P76A!X[WH!#P*)IX(7@L8_N'"S7Y7WTOIU,`S&&-!I,<1Q;2.GC > M2-0*7KG,\G#XU(?>7%@Q0,>7*SC>ZU-\%@LG^L=NPE7-",I5"E*E3*?$1,/( > M.?6L(U,EJ]7D4V7%7+$X+6VEZEH8RD'`&)Q9J85+U\VX8^.:I.`^:Q8N>>G9 > M#CDH1%NM^`3Z5AA^Y($-3HC;CZ*&T?&&M.UR/D>V'3(:AEK3<1WBB1H$?`+/ > M,^O'@Y@WG;#`(@_FI8P9\[DKEL.=A_(&P#XY840KC]D<I0<L463,_&A-"XPT > MJ4SS;SY<7=%\,@.G0KB<&J`K^20^/=LBV!^1L)P_DQF%V.+JK?/08;$#MTLG > M-9!!O+[C6VX]_M[C7.R4Q',[E_',<6A&4]_=8RUTFQE:;A2/A^I>,U<.<1R. > MXFU&QS@UA@+6#QB=SL:F8(B?'QF,IXB"$+O0W$2>,_&4N9PHS0K'/U<$T@.\ > M&H)K],=@G@W`)J]/Q,B?W^O[;3&;N6S+%@O8A,\>N\6^[KSG#O5^9@2,LN,6 > M,^CG'VG&-K.*KR1Z;$SAE42GV?"<H3<&*."-^?;N#\-\>_[GM6&^N;U]:[Z[ > M^O#Z\@;G_^A+]T^$7/U'7E5"%J"_37&;QLOE8\N_7?6?IG8*ZC^](^N_`V"M > M_J,=<+2V`[+E7TMIJJ"K72S:6IVUBFVM_"L6N%+]'7>-XZ[6*JS^=,.@\H_> > MM.:B9-E&,IM&K')-3)454<:(BS3>YA/&S)`+7D*C8!Z7EC'U9#@4OV#J71)1 > M,GN%4&$7L6;FXY79INP=OX<;I^Q.A3E3N?B89UOP4A<@;9(+SAZHW,M0*)@) > M?;Z_N/O[XLZ\O+F_N+LYOS+?F"9('OTO(.9_U^FEW!_,,@W`1O\IUMC!_[IF > MZ'G^-YH=3?+_`9#R/^Z`E*J#V5%V!WQ]YV^SK#SK:UU5*V3]IE[O0$V\$N4_ > M3[()_![.0Y</&Z.71%3K;:>8.N.FDY*CUT7K"F;12?9"O'J+%+_FJ7EQW[6M > MR,*?'RAOB.9DBQ05K]G<E%#Y*8P-T4\JA\YGQ@?EA-LK=?@-4TCE9#D#";>< > MSCH578G*:B(;\HA#GXKXJ7\2&T=`,;B,J,`JY44S1Q-_XDP4-\&2CESEMW@1 > MY>6,EJ]M%Z/O*6;%"A+UZRFH%?BR>(ZYY"_+<9F=-FNIZT4UBL<]98`^C2O+ > M%8.IB96X)+O$BGO)3R=Q:[/]@NX)]*:U1"P>:(OL3-?%V?H;TO+&*F='^BW5 > MOL02+S&YGM]?E&.]T.T+94;*2]IW]51^*C"1D,8Q[F."BE\?J)#*V@YYVZF$ > M_0;;B^\;FVU/;,3C^*.93J((1?D_G`7+"#[!%6!7_:<WFVOUGZ[K,O\?`,7Y > M/[<#'GL%R(G+WP(Z7;59>`LXUO7Z"ZC1F[::7T4RM+G'DL1`7)]RH,BZ!42? > M9JPEK28/,DRWN>A:(--0>G]__OK"?'=W\>KV^OKR'OF93X,^DB!NJ2%;Y-<D > M*5:6HC/JUTJ+Q%E.E+=[IC^-3%%Z)EK7Z2E>&BR[5ZE4BOT0BR_3/_%4OJL' > M"EQP^_Y^LP]B=9?&Q>W5G'WQ-%&/"X.Z,F$<`FO\_\2]/\+._M_Z__\P.H:L > M_PZ!`O[?UOO[:O;?VO?3NTV]VVK+OI_L^TE(2$A(2$A(2$A(2$A(2$A(2$A( > ?2$A(2$A(2$A(2$A(2$A(2$A(2.R/?P'3]3Z0`%```$A( > ` > end > > On Sat, May 2, 2015 at 9:57 AM, John Hascall <j...@iastate.edu> wrote: > >> >> Is there a reason why the kadm5_hook interface does not seem to have any >> support for a principal "rename" operation? >> >> John >> > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos