krb5 library missing functions for collections
Greg Hudson
ghudson at mit.edu
Thu Aug 15 12:21:20 EDT 2019
On 8/15/19 10:01 AM, Charles Hedrick wrote:
> I can actually do the combination of MIT libkrb5 and Heimdal KCM. I’m assuming that the Mac has a normal Heimdal KCM.
It appears they differ in this regard. The kcm_access() function
determines which clients see which caches, and the implementations are
totally different in the upstream and Apple-customized Heimdal versions.
The two versions can be seen here:
https://opensource.apple.com/source/Heimdal/Heimdal-520.220.2/kcm/acl.c.auto.html
https://github.com/heimdal/heimdal/blob/master/kcm/acl.c#L38
Apple's version only allows root to see "system" and root-owned caches,
while upstream Heimdal's allows it to see everything.
More information about the Kerberos
mailing list