[krbdev.mit.edu #9137] kg_acceptor_princ behavior
Hascall, John P [ITS] via RT
rt-comment at kerborg-prod-app-1.mit.edu
Sat Aug 24 02:10:38 EDT 2024
Sat Aug 24 02:10:38 2024: Request 9137 was acted upon.
Transaction: Ticket created by john at mail.iastate.edu
Queue: krb5
Subject: kg_acceptor_princ behavior
Owner: Nobody
Requestors: john at mail.iastate.edu
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9137 >
In kg_acceptor_princ() [ found in lib/gssapi/krb5/naming_exts.c ]
exists the following:
    if (name->host != NULL && name->princ->length == 2) {
        /* If a host was given, we have to use the canonicalized form of it (as
         * given by krb5_sname_to_principal) for backward compatibility. */
        const krb5_data *d = &name->princ->data[1];
        tmp = k5memdup0(d->data, d->length, &code);
        if (tmp == NULL)
            return ENOMEM;
        host = tmp;
    } else ...
This is seriously annoying (esp as krb5_sname_to_principal() gives you the OPTION to canonicalize or not).
What exactly is it we are being backwards compatible with?
Grumpily yours,
John
John Hascall
Sr Security Architect
IT Services
Iowa State University
john at iastate.edu