svn rev #21673: branches/mskrb-integ/src/kdc/
hartmans@MIT.EDU
hartmans at MIT.EDU
Fri Jan 2 18:55:51 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21673
Commit By: hartmans
Log Message:
Fix up comment to explain why the kdb keytab is not used in the tgs case any more
Changed Files:
U branches/mskrb-integ/src/kdc/kdc_util.c
Modified: branches/mskrb-integ/src/kdc/kdc_util.c
===================================================================
--- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 23:53:55 UTC (rev 21672)
+++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 23:55:49 UTC (rev 21673)
@@ -294,11 +294,9 @@
if ((retval = kdc_get_server_key(apreq->ticket, 0, krbtgt, nprincs, &key, &kvno)))
goto cleanup_auth_context;
-
/*
- * XXX This is currently wrong but to fix it will require making a
- * new keytab for groveling over the kdb.
- */
+* We do not use the KDB keytab because other parts of the TGS need the TGT key.
+*/
retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, key);
krb5_free_keyblock(kdc_context, key);
if (retval)
More information about the cvs-krb5
mailing list