On 06/24/10 21:27, Shawn Emery wrote:
> On 06/24/10 04:44 PM, Glenn Barry wrote:
>>
>> looks good in general, a few comments:
>>
>> Abstracted interfaces
>> =====================
>>
>> <add descriptive blurb of func here>
>> krb5_error_code __krb5_kt_add_ad_entries(krb5_context ctx,
>> char **svc_princs, krb5_kvno kvno, uint_t flags, char *password)
>> **** maybe add blurb for each func like for this one cuz parts of it
>> like
>> '_ad_' may not be obvious:
>> Add keys for service principals to krb5.keytab for an Active
>> Directory client:
>
> Done.
>
>> krb5_error_code __krb5_kt_remove_by_svcprinc(krb5_context ctx,
>> char *svc_princ)
>>
>> where ctx is the pointer passed back from krb5_init_context
>> where svc_princ is the service principal name that is matched for
>> any
>> keytab entries to be removed
>> **** partial matches and/or wildcards supported?
>> **** pro/con using char * for svc_princ vs krb5_principal?
>
> Clarified in the beginning text. See diffs below.
>
>> krb5_error_code __krb5_kt_validate(krb5_context ctx,
>> char *svc_princ, uint_t flags, boolean_t *valid)
>> **** krb5_boolean?
>
> I thought of this, but I didn't like how they were typically assigned
> in the mech, with 0 or 1, instead of TRUE and FALSE. In any case,
> I'll change them.
>
>> **** n/n-1 Note: this w/respect to kvno? (make that clear)
>
> Done.
>
> @@ -40,10 +40,13 @@ > ===================== > > krb5_error_code __krb5_kt_add_ad_entries(krb5_context ctx, > char **svc_princs, krb5_kvno kvno, uint_t flags, char *password) > > + Adds keys to the keytab file for a default set of service principals > + (refer to PSARC/2007/401) in an Active Directory environment. > + > where ctx is the pointer passed back from krb5_init_context > where svc_princs is an array of service principal names to be added > to the keytab file, terminated by a NULL pointer > where kvno is the key version number of the set of service principal > keys to be added
> @@ -69,10 +72,13 @@ > > _________ > > krb5_error_code __krb5_kt_remove_by_realm(krb5_context ctx, char > *realm) > > + Removes all key entries in the keytab file that match the exact > realm > + name specified. > + > where ctx is the pointer passed back from krb5_init_context > where realm is the realm name that is matched for any keytab entries > to be removed > Note: if there are no entries matching realm then 0 (success) is > returned > @@ -80,10 +86,13 @@ > _________ > > krb5_error_code __krb5_kt_remove_by_svcprinc(krb5_context ctx, > char *svc_princ) > > + Removes all key entries in the keytab file that match the exact > service > + principal name specified. > + > where ctx is the pointer passed back from krb5_init_context > where svc_princ is the service principal name that is matched for > any > keytab entries to be removed > > Note: if there are no entries matching svc_princ then 0 (success) is > @@ -90,12 +99,16 @@ > returned > > _________ > > krb5_error_code __krb5_kt_validate(krb5_context ctx, > - char *svc_princ, uint_t flags, boolean_t *valid) > + char *svc_princ, uint_t flags, krb5_boolean *valid) > > + The validate function determines that the correct set of service > + principals (refer to PSARC/2007/401) exist and that this set has a > + valid set of encryption types. > + > where ctx is the pointer passed back from krb5_init_context > where svc_princ is the principal to be validated in the keytab file > where flags is the set of conditions that affects the key table > entries > that the function considers valid > current set of defined flags: 
> @@ -106,13 +119,13 @@ > > where valid is a boolean that is set if the svc_princ is correctly > populated in the keytab file based on the flags set else valid is > unset. > > Note: The validate function does not distinguish between having n > and > - n-1 key sets in the keytab file. This is from the fact that AD > - environments will refresh old credential caches if n-1 keys are not > - present in the keytab file. > + n-1 key version numbers (kvno) in the keytab file. This is from the > + fact that AD environments will refresh old credential caches if > kvno, > + n-1, are not present in the keytab file. > > Stability Level > =============== > > Contract project private for both primitive and abstracted > interfaces.
>
> Shawn.
> --
>> On 06/21/10 09:57, Shawn Emery wrote:
>>> On 06/21/10 08:30 AM, Mark Phalan wrote:
>>>> On Mon, 2010-06-21 at 09:41 -0400, Wyllys Ingersoll wrote:
>>>>> I filed the case today - PSARC 2010/229
>>>>>
>>>> Shawn:
>>>> Was this sent out to the i-team alias for review? I don't remember
>>>> seeing it here first but it's possible I missed it.
>>>>
>>>> If it wasn't I think it should have been.
>>>
>>> I apologize for not sending this out to the i-team alias for review
>>> earlier, however the design is still malleable and I still expect
>>> review comments from this and other groups.
>>>
>>> Shawn.
>>> --
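Review bot: in the @@ -40,10 +40,13 @@ hunk, the new blurb says __krb5_kt_add_ad_entries adds keys for "a default set of service principals", yet the function takes an explicit, NULL-terminated svc_princs array; state whether svc_princs replaces the default set, is merged with it, or must be exactly that set, otherwise a caller cannot tell which principals end up in the keytab file.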
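Review bot: in the @@ -69,10 +72,13 @@ hunk, "match the exact realm name specified" for __krb5_kt_remove_by_realm should say whether the comparison is a byte-for-byte string compare; realm names are case-sensitive, so a wrongly cased argument would remove nothing and, per the Note, still return 0 (success), which a caller may misread as a completed removal. Suggest "exact, case-sensitive match; no wildcards".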
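Review bot: in the @@ -80,10 +86,13 @@ hunk, "match the exact service principal name specified" answers Glenn's wildcard question but not his char * vs krb5_principal question: say whether svc_princ is parsed into a principal (so a name without an explicit realm is completed with the default realm before matching) or compared as text against the keytab entry's unparsed name, because that decides whether an argument like "host/name" removes "host/name@REALM" entries or silently matches nothing and returns 0.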
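Review bot: in the @@ -90,12 +99,16 @@ hunk, the added blurb says __krb5_kt_validate "determines that the correct set of service principals (refer to PSARC/2007/401) exist", but the signature and the "where svc_princ is the principal to be validated" line describe validating a single principal; clarify whether one call checks one principal or the whole set, and whether "a valid set of encryption types" is fixed or selected through flags, since the flag list follows immediately.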
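Review bot: in the @@ -106,13 +119,13 @@ hunk, the reworded Note reads awkwardly: "if kvno, n-1, are not present" should be "if keys with kvno n-1 are not present", and "This is from the fact that" is better as "This is because". It would also help to spell out the consequence for callers, which follows from the Note as written: valid is set when only kvno n keys are present, so validate cannot be used to confirm that the n-1 keys were retained.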
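As an added illustration, not code from the case or from the Solaris krb5 mech, the following Python parses the 0x0502 keytab file format and models the validate semantics discussed in the thread over a constructed keytab: each required service principal must have a key at kvno n with an acceptable enctype, while a kvno n-1 key is reported but never required. The enctype allow-list standing in for the flags argument, the principal names and the key bytes are assumptions made for the example.

```python
import struct

def _cstr(buf, off):
    """Read a counted octet string (uint16 big-endian length, then bytes)."""
    n = struct.unpack_from(">H", buf, off)[0]
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype), ...] from raw 0x0502 keytab bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version")
    entries, off = [], 2
    while off + 4 <= len(data):
        size = struct.unpack_from(">i", data, off)[0]
        off, end = off + 4, off + 4 + abs(size)
        if size <= 0:                  # a negative size marks a deleted slot
            off = end
            continue
        ncomp = struct.unpack_from(">H", data, off)[0]
        realm, off = _cstr(data, off + 2)
        comps = []
        for _ in range(ncomp):
            c, off = _cstr(data, off)
            comps.append(c)
        _ntype, _ts, vno8, etype, klen = struct.unpack_from(">IIBHH", data, off)
        entries.append((b"/".join(comps).decode() + "@" + realm.decode(), vno8, etype))
        off = end   # skips key bytes and any trailing 32-bit kvno (assumes kvno < 256)
    return entries

def keytab_entry(princ, kvno, etype, key):
    """Encode one 0x0502 entry; used only to build the constructed sample below."""
    name, realm = princ.split("@")
    comps = name.split("/")
    body = struct.pack(">HH", len(comps), len(realm)) + realm.encode()
    body += b"".join(struct.pack(">H", len(c)) + c.encode() for c in comps)
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

def validate(entries, required, kvno, allowed=frozenset({17, 18})):
    """Model of the validate check: key at kvno n with an allowed enctype (default AES) per required principal; n-1 only reported."""
    at_n = {p: {e for (pr, v, e) in entries if pr == p and v == kvno} for p in required}
    missing = sorted(p for p, et in at_n.items() if not et)
    bad_etype = sorted(p for p, et in at_n.items() if et and not et <= allowed)
    has_prev = any(v == kvno - 1 for (_, v, _) in entries)
    return not (missing or bad_etype), missing, bad_etype, has_prev

# Constructed sample: host/ at kvno 5 and 4 (aes256-cts = 18), cifs/ at kvno 5 with rc4-hmac (23).
SAMPLE = (b"\x05\x02"
          + keytab_entry("host/ws1.example.com@EXAMPLE.COM", 5, 18, b"k" * 32)
          + keytab_entry("host/ws1.example.com@EXAMPLE.COM", 4, 18, b"j" * 32)
          + keytab_entry("cifs/ws1.example.com@EXAMPLE.COM", 5, 23, b"r" * 16))
```

With the sample, validate at kvno 5 fails only because the cifs/ key uses rc4-hmac, and has_prev is true because the kvno 4 host/ key is still present.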
_______________________________________________ opensolaris-arc mailing list [email protected]
