[krbdev.mit.edu #7800] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Sat Dec 21 00:13:16 EST 2013
Allow realm in kadm5_init service names
Previously, if you passed a service name with a realm part to a
kadm5_init function, you would get a KRB5_PARSE_MALFORMED error
because the code would internally append its own '@realm' suffix
before parsing the name. Fix this as follows:
Change gic_iter so instead of producing a full service name, it
produces a krb5_principal which is taken from the cred it acquires.
Pass the client and full service name around as principals, rather
than strings, and use the gss_nt_krb5_principal name type to import
them in setup_gss(). Don't append a realm to the input service name;
instead, pass the input service name directly to the gic functions
(which do not need a realm in the service name and will ignore the
realm if one is present). For the INIT_CREDS case, parse the input
service name with KRB5_PRINCIPAL_PARSE_IGNORE_REALM and then set the
realm.
https://github.com/krb5/krb5/commit/5341cfde2b3e607e294bb0d057dc3540172a8b1b
Author: Greg Hudson <ghudson at mit.edu>
Commit: 5341cfde2b3e607e294bb0d057dc3540172a8b1b
Branch: master
src/lib/kadm5/clnt/client_init.c | 96 +++++++++++++++++++-------------------
1 files changed, 48 insertions(+), 48 deletions(-)
More information about the krb5-bugs
mailing list