Next: Policy, osa_policy_ent_t
Up: Database Record Types
Previous: Database Record Types
Contents
The admin principal database stores records of the type osa_princ_ent_t (declared in kadm5/adb.h), which is the subset of the kadm5_principal_ent_t structure that is not stored in the Kerberos database plus the necessary bookkeeping information. The records are keyed by the ASCII representation of the principal's name, including the trailing NULL.

    /* One remembered password: its keys, one per keysalt type. */
    typedef struct _osa_pw_hist_t {
        int n_key_data;                 /* number of entries in key_data */
        krb5_key_data *key_data;
    } osa_pw_hist_ent, *osa_pw_hist_t;

    typedef struct _osa_princ_ent_t {
        char * policy;
        u_int32 aux_attributes;
        unsigned int old_key_len;
        unsigned int old_key_next;      /* index in old_keys for the next insert */
        krb5_kvno admin_history_kvno;   /* kvno of the kadmin/history key */
        osa_pw_hist_ent *old_keys;      /* previous passwords, encrypted in that key */
        u_int32 num_old_keys;           /* number of entries in old_keys */
        u_int32 next_old_key;
    } osa_princ_ent_rec, *osa_princ_ent_t;

The fields that are different from kadm5_principal_ent_t are:
- num_old_keys: The number of previous keys in the old_keys array. This value must be 0 num_old_keys pw_history_num.
- old_key_next: The index into old_keys where the next key should be inserted. This value must be 0 old_key_next num_old_keys.
- admin_history_kvno: The key version number of the kadmin/history principal's key used to encrypt the values in old_keys. If the server library finds that kadmin/history's kvno is different from the value in this field, it returns KADM5_BAD_HIST_KEY.
- old_keys: The array of the principal's previous passwords, each encrypted in the kadmin/history key. There are num_old_keys elements. Each "password" in the array is itself an array of n_key_data krb5_key_data structures, one for each keysalt type the password was encoded in.
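
The bookkeeping these fields describe, as an added example in C that is not taken from the kadm5 sources: old_key_next is the insertion slot of a fixed-size history, and a kvno mismatch blocks the history check. The types, result codes and the capacity parameter (assumed to be derived from the policy's pw_history_num) are stand-ins, and entries are compared as opaque blobs instead of decrypted krb5_key_data.

```c
#include <stdio.h>
#include <string.h>
#define HIST_SLOTS 8   /* fixed storage for this sketch (assumption) */

/* Stand-in for one old_keys element: a single opaque blob replaces the
 * n_key_data krb5_key_data structures of the real record (assumption). */
typedef struct { unsigned char blob[16]; } hist_ent;

typedef struct {
    unsigned int num_old_keys;   /* entries currently held in old_keys */
    unsigned int old_key_next;   /* slot the next entry is written to */
    int admin_history_kvno;      /* kadmin/history kvno the entries use */
    hist_ent old_keys[HIST_SLOTS];
} princ_hist;

/* Hypothetical codes; HIST_BAD_KEY stands in for KADM5_BAD_HIST_KEY. */
enum { HIST_OK, HIST_REUSED, HIST_BAD_KEY, HIST_BAD_ARG };

/* Reject a history stored under another kvno, then search for a reuse. */
int hist_check(const princ_hist *p, int cur_kvno, const hist_ent *cand)
{
    if (p->admin_history_kvno != cur_kvno)
        return HIST_BAD_KEY;
    for (unsigned int i = 0; i < p->num_old_keys; i++)
        if (memcmp(p->old_keys[i].blob, cand->blob, sizeof cand->blob) == 0)
            return HIST_REUSED;
    return HIST_OK;
}

/* Store an entry at old_key_next; once `capacity` entries exist the
 * index wraps and the oldest entry is overwritten. */
int hist_insert(princ_hist *p, unsigned int capacity, const hist_ent *e)
{
    if (capacity == 0 || capacity > HIST_SLOTS || p->old_key_next >= capacity)
        return HIST_BAD_ARG;
    p->old_keys[p->old_key_next] = *e;
    if (p->num_old_keys < capacity) p->num_old_keys++;
    p->old_key_next = (p->old_key_next + 1) % capacity;
    return HIST_OK;
}

int main(void)
{
    princ_hist p = { .admin_history_kvno = 2 };
    hist_ent a = {{1}}, b = {{2}}, c = {{3}};   /* constructed sample blobs */
    hist_insert(&p, 2, &a); hist_insert(&p, 2, &b); hist_insert(&p, 2, &c);
    printf("a=%d b=%d stale_kvno=%d\n", hist_check(&p, 2, &a),
           hist_check(&p, 2, &b), hist_check(&p, 3, &b));
}
```

With a capacity of 2, the third insert overwrites the oldest entry, so that password is no longer detected as reused.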
Autobuild
2009-09-05