Null realms and servers
hartmans at MIT.EDU
Wed Dec 20 16:48:26 EST 2006
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
Nicolas> It may yet turn out that the MIT krb5 1.6 change to
Nicolas> krb5_sname_to_principal() causes backwards compatibility
Nicolas> problems that go beyond krb5_kt_get_entry(). If so I'm
Nicolas> sure MIT will reconsider this particular change as
Nicolas> alternatives seem to exist. In the meantime I withdraw
Nicolas> my objection.
I think you've made a compelling case that we need to have a
discussion about whether that is the right behavior. We're probably
stuck treating null realm in get_credentials as meaning start at
client realm. But I think we could reverse the sname_to_principal
behavior in a future release.
More information about the krbdev