[krbdev.mit.edu #5947] FFM.EXAMPLE.ORG -> M.EXAMPLE.ORG broken
Public Submitter via RT
rt-comment at krbdev.mit.edu
Fri Apr 25 09:04:46 EDT 2008
Hi!
In an AD multi-domain/realm environment with FFM.EXAMPLE.ORG,
EXAMPLE.ORG and M.EXAMPLE.ORG winbind with a machine principal in
FFM.EXAMPLE.ORG wants to acquire a service ticket for
pdc$@M.EXAMPLE.ORG. This fails because krb5_walk_realm_tree() is wrong
in the case FFM and M share the "M". The loop that the attached patch
fixes goes one step too far, rendering slen==0, in which case it
believes that M.EXAMPLE.ORG is a parent realm of FFM.EXAMPLE.ORG.
EXAMPLE.ORG is obviously not the right domain I could provide a log for,
this is a customer of mine.
Volker Lendecke
Samba Team
More information about the krb5-bugs
mailing list