13415 – chgtdcpass doesn't clear old keytab entries

Bug 13415 - chgtdcpass doesn't clear old keytab entries

Summary: chgtdcpass doesn't clear old keytab entries

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.8.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-04-30 23:49 UTC by Aaron Haslett (dead mail address)
Modified:	2018-05-06 22:53 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
proposed patch (8.04 KB, patch) 2018-05-01 01:04 UTC, Aaron Haslett (dead mail address)	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aaron Haslett (dead mail address) 2018-04-30 23:49:13 UTC

The chgtdcpass python script fails to clear all historical records from the keytab.  It clears the record with latest kvno - 1 if it exists, then stops.

Comment 1 Aaron Haslett (dead mail address) 2018-05-01 00:15:05 UTC

Clarification: Running the chgtdcpass script adds a new entry to the keytab but only clears a single record of the old entries.

Comment 2 Aaron Haslett (dead mail address) 2018-05-01 01:04:06 UTC

Created attachment 14167 [details]
proposed patch

Test and patch attached.

Comment 3 Andrew Bartlett 2018-05-06 22:53:23 UTC

The advise is that this isn't a security issue so I've removed the group restriction.