Discussion of krb5_get_init_creds_password() behavior was Re:problem with the kinit_prompter in kfw 2.5
kenh at cmf.nrl.navy.mil
Thu Feb 19 16:15:33 EST 2004
>OK. It's here. And I still don't think the logic of
>krb5_get_init_creds_password() is correct...
I completely agree with you, FWIW. That whole mess causes me no end of
pain (for different reasons, though).
>> >Ugly as it is, I think the only way to make this really work
>> >properly is for krb5_get_init_creds() to return an indication
>> >as to whether or not the reply it is returning came from the
>> >master kdc and if so, skip the 2nd call (with use_master = 1).
This seems reasonable to me.
>OK, actually, the right fix would be for the KDCs to use
>a proper replicated DB so you always get the same answer
>no matter which KDC responds. But, I'm not holding my breath.
No argument here :-/
More information about the krbdev