[krbdev.mit.edu #7892] git commit
Benjamin Kaduk via RT
rt-comment at krbdev.mit.edu
Thu May 22 17:34:37 EDT 2014
Do not default to host/ for client keytabs
When the normal (acceptor) keytab is being used to obtain initial
credentials, it is reasonable to use the default hostbased service
principal (host/fully.qualified.localhost.domain) when no client
principal is given. This behavior is not very reasonable when
the default client keytab is being used, as host/ credentials are
not normally client credentials.
Make kinit -i match up with the GSS-API behavior when client keytabs
are in use, using the name of the first entry in the keytab when
no name is explicitly given.
https://github.com/krb5/krb5/commit/6c4bd36bd000c8f5ab1b8dacd5d4101831fe576e
Author: Ben Kaduk <kaduk at mit.edu>
Commit: 6c4bd36bd000c8f5ab1b8dacd5d4101831fe576e
Branch: master
src/clients/kinit/kinit.c | 17 +++++++++++++++++
1 files changed, 17 insertions(+), 0 deletions(-)
More information about the krb5-bugs
mailing list