master_kdc vs krb5_get_init_creds_password vs NetIDMgr
Jeffrey Altman
jaltman at secure-endpoints.com
Sun Nov 5 23:21:47 EST 2006
Jeffrey Altman wrote:
> For everything else I think the prompting should take place whenever
> krb5_get_init_creds_password would return KRB5KDC_ERR_KEY_EXP.
> If we come to consensus on this latter change, I will produce a
> patch that I would like to see pulled up for the KFW 3.1 release.
The patch would be this:
Index: gic_pwd.c
===================================================================
--- gic_pwd.c (revision 18761)
+++ gic_pwd.c (working copy)
@@ -163,12 +163,10 @@
/* if the master is unreachable, return the error from the
slave we were able to contact */
- if ((ret2 == KRB5_KDC_UNREACH) ||
+ if (!((ret2 == KRB5_KDC_UNREACH) ||
(ret2 == KRB5_REALM_CANT_RESOLVE) ||
- (ret2 == KRB5_REALM_UNKNOWN))
- goto cleanup;
-
- ret = ret2;
+ (ret2 == KRB5_REALM_UNKNOWN)))
+ ret = ret2;
}
#ifdef USE_LOGIN_LIBRARY
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20061105/83aba5f6/attachment.bin
More information about the krbdev
mailing list