[krbdev.mit.edu #6966] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Sep 28 13:03:17 EDT 2011
For a very long time, KDCs have known how to perform a domain-based
realm walk when serving requests for TGTs. (So if a KDC for A.B.C
receives a request for krbtgt/X.B.C and doesn't have that principal,
it can return one for krbtgt/B.C instead.) Performing the same
heuristic on the client is unnecessary and inefficient in common
cases.
Add a new function k5_client_realm_path to walk_rtree.c which uses
capaths values only, and returns a list of realms (as desired by
get_creds.c) instead of TGT names.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25241
Commit By: ghudson
Revision: 25241
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/lib/krb5/krb/get_creds.c
U trunk/src/lib/krb5/krb/walk_rtree.c
More information about the krb5-bugs
mailing list