[krbdev.mit.edu #2139] CVS Commit
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Fri Jan 30 20:41:03 EST 2004
2004-01-30 Jeffrey Altman <jaltman at mit.edu>
* cc_mslsa.c: As per extensive conversations with Doug Engert we have
concluded that MS is not specifying a complete set of domain information
when it comes to service tickets other than the initial TGT. What happens
is the client principal domain cannot be derived from the fields they
export. Code has now been added to obtain the domain from the initial
TGT and use that when constructing the client principals for all tickets.
This behavior can be turned off by setting a registry either on a per-user
or a system-wide basis:
{HKCU,HKLM}\Software\MIT\Kerberos5
PreserveInitialTicketIdentity = 0x0 (DWORD)
To generate a diff of this commit:
cvs diff -r5.94 -r5.95 krb5/src/lib/krb5/ccache/ChangeLog
cvs diff -r5.7 -r5.8 krb5/src/lib/krb5/ccache/cc_mslsa.c
More information about the krb5-bugs
mailing list