[krbdev.mit.edu #3925] krb5_get_profile should reflect profile in the supplied context

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Thu Jun 22 16:58:40 EDT 2006


Currently krb5_get_profile creates a new profile object by looking anew
at the environment variables and checking the existence of all of the
files; on the other hand, it uses the "secure" flag in the supplied
profile to decide whether to use environment variables or just the
compiled-in paths.

If the environment variables have changed, or a config file has been
created that was not present before, the resulting profile will not
match the one in the supplied context.

If the supplied context uses kdc.conf as well as krb5.conf, this will
not be reflected in the new profile, because that flag is not preserved.

I think krb5_get_profile should probably use exactly the same set of
files as in the profile in the supplied context.  In fact, peeking
through the abstraction, it should probably just build a new list
containing the same pointers to the per-file data, and let the profile
library locking arbitrate accesses between threads.


