krb5 commit [krb5-1.13]: Make registry hostrealm module highest precedence
Tom Yu
tlyu at mit.edu
Wed Jun 24 17:59:42 EDT 2015
https://github.com/krb5/krb5/commit/9f4c5ddf62717c3be2499214d5fc61bcb6e8d7ff
commit 9f4c5ddf62717c3be2499214d5fc61bcb6e8d7ff
Author: Ben Kaduk <kaduk at mit.edu>
Date: Tue Jun 23 10:38:19 2015 -0400
Make registry hostrealm module highest precedence
Testing reveals that there are a number of machines in the wild
which retain old krb5.ini files across domain configuration changes,
and it is difficult to determine which machines are potentially
affected by incorrect stale configuration data.
To enable domain administrators to easily ensure that the correct
default realm is set, allow the registry hostrealm module to take
precedence over the profile.
Note that the registry hostrealm module can still be disabled
in the hostrealm interface configuration statment in the
[plugins] section of the profile.
(cherry picked from commit 287b8eae295a3ab496b04b327840e92c235efd1a)
ticket: 8209
version_fixed: 1.13.3
status: resolved
src/lib/krb5/os/hostrealm.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lib/krb5/os/hostrealm.c b/src/lib/krb5/os/hostrealm.c
index 9c84749..78d6c5d 100644
--- a/src/lib/krb5/os/hostrealm.c
+++ b/src/lib/krb5/os/hostrealm.c
@@ -75,14 +75,14 @@ get_modules(krb5_context context, krb5_plugin_initvt_fn **modules_out)
*modules_out = NULL;
/* Register built-in modules. */
- ret = k5_plugin_register(context, intf, "profile",
- hostrealm_profile_initvt);
- if (ret)
- return ret;
ret = k5_plugin_register(context, intf, "registry",
hostrealm_registry_initvt);
if (ret)
return ret;
+ ret = k5_plugin_register(context, intf, "profile",
+ hostrealm_profile_initvt);
+ if (ret)
+ return ret;
ret = k5_plugin_register(context, intf, "dns", hostrealm_dns_initvt);
if (ret)
return ret;
More information about the cvs-krb5
mailing list