Null realms and servers

Sam Hartman hartmans at MIT.EDU
Wed Dec 20 16:48:26 EST 2006

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> It may yet turn out that the MIT krb5 1.6 change to
    Nicolas> krb5_sname_to_principal() causes backwards compatibility
    Nicolas> problems that go beyond krb5_kt_get_entry().  If so I'm
    Nicolas> sure MIT will reconsider this particular change as
    Nicolas> alternatives seem to exist.  In the meantime I withdraw
    Nicolas> my objection.

I think you've made a compelling case that we need to have a
discussion about whether that is the right behavior.  We're probably
stuck treating null realm in get_credentials as meaning start at
client realm.  But I think we could reverse the sname_to_principal
behavior in a future release.


More information about the krbdev mailing list