Misbehaving krb5 forwarding?
Sam Hartman
hartmans at MIT.EDU
Wed Mar 31 12:59:59 EST 2004
>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:
Russ> Cool, thanks. I didn't know if this was a known bug. We're
Russ> hoping to move to 1.3.2 or 1.3.3, probably shortly after we
Russ> finally manage to get a K5 aklog working, so *maybe* this
Russ> summer, more likely later in the year.
Not so much a known bug as an enhancement added late in the 1.3
release cycle.
Please see the following revisions of src/lib/krb5/krb/fwd_tgt.c:
revision 5.20
date: 2003/01/08 23:49:33; author: hartmans; state: Exp; lines: +21 -14
branches: 5.20.2;
Previously fwd_tgt_creds required either that the hostname be passed
in or that the principal be a host-based service. This means you
cannot for example forward tickets to a GSSAPI user-based service.
The requirement to get the hostname is only needed in cases where
addressless tickets are not used. So when addressless tickets are
used, do not require the hostname.
----------------------------
revision 5.19
date: 2002/09/11 20:50:59; author: hartmans; state: Exp; lines: +12 -11
Don't request addresses when we forward addressless tickets
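
The hostname requirement described in the two log entries above, modelled as an added example that is not part of the original post and is not code from fwd_tgt.c. All type, enum and function names, and the hostname in main, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; these are not the MIT krb5 structures. */
enum princ_kind { PRINC_HOST_BASED, PRINC_USER_BASED };
enum fwd_result { FWD_OK_ADDRESSLESS, FWD_OK_WITH_ADDRESSES, FWD_ERR_NO_HOSTNAME };

struct fwd_request {
    const char *rhost;      /* hostname passed in by the caller, or NULL */
    enum princ_kind kind;   /* kind of the target service principal */
    const char *princ_host; /* host component when kind is host-based */
    int tgt_has_addresses;  /* nonzero if the TGT being forwarded has addresses */
};

/* Hostname from the caller, else from a host-based principal, else NULL. */
static const char *target_host(const struct fwd_request *r)
{
    if (r->rhost != NULL)
        return r->rhost;
    return r->kind == PRINC_HOST_BASED ? r->princ_host : NULL;
}

/* "Previously": a hostname is required even for addressless tickets. */
enum fwd_result fwd_check_before(const struct fwd_request *r)
{
    if (target_host(r) == NULL)
        return FWD_ERR_NO_HOSTNAME;
    return r->tgt_has_addresses ? FWD_OK_WITH_ADDRESSES : FWD_OK_ADDRESSLESS;
}

/* As described for 5.20: the hostname is needed only to look up addresses. */
enum fwd_result fwd_check_after(const struct fwd_request *r)
{
    if (!r->tgt_has_addresses)
        return FWD_OK_ADDRESSLESS;
    if (target_host(r) == NULL)
        return FWD_ERR_NO_HOSTNAME;
    return FWD_OK_WITH_ADDRESSES;
}

int main(void)
{
    /* Constructed cases: a user-based GSSAPI service and a host-based one. */
    struct fwd_request gss = { NULL, PRINC_USER_BASED, NULL, 0 };
    struct fwd_request host = { NULL, PRINC_HOST_BASED, "shell.example.org", 1 };
    printf("user-based, addressless: before=%d after=%d\n",
           fwd_check_before(&gss), fwd_check_after(&gss));
    printf("host-based, addresses:   before=%d after=%d\n",
           fwd_check_before(&host), fwd_check_after(&host));
    return 0;
}
```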