krb5_libdefaults_string bug?
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Sep 12 13:14:01 EDT 2002
I think there is a problem in the code that parses the krb5.conf file
for realm-specific options...
file: get_in_tkt.c
routine: krb5_libdefault_string
Problem - The routine never looks in the [realm] section to find the
associated option/value relationship for the realm specified by the
caller. Even the comment is wrong.
/*
* Try number one:
*
* [libdefaults]
* REALM = {
* option = <boolean>
* }
*/
Shouldn't this be:
/*
* [realms]
* REALM = {
* option = <boolean>
* }
*/
??
I dont think there is supposed to be a "REALM" relationship in the [libdefaults]
section, they are supposed to be in the "[realms]" section of the krb5.conf file.
The problem this causes is that the code never checks for initial ticket options
in the specific realm section, it only ever looks at "libdefaults" section.
Of course, if you move your "REALM" relationships into the "[libdefaults]"
section, that would fix the problem, but it would mess things up in other places
that read the config file correctly (or at least according to the man page for
krb5.conf
and most documentation).
The associated code is wrong, below is a small "diff" of the changes needed
to correct the problem:
$ diff get_in_tkt.c get_in_tkt.c.new
643c643
< names[0] = "libdefaults";
---
> names[0] = "realms";
648c648
< * [libdefaults]
---
> * [realms]
667a668
> names[0] = "libdefaults";
Thoughts??
-Wyllys Ingersoll
Sun Microsystems
More information about the krbdev
mailing list