question related to mkey keytab stash project
Will Fiveash
William.Fiveash at sun.com
Fri Jun 27 16:30:31 EDT 2008
While the current code under review appears to work and all MIT tests
pass, I do have a question as to the new behavior of the
krb5_db_fetch_mkey() function.
The new krb5_db_fetch_mkey() will return the first key it finds in the
keytab stash and can optionally search based on either kvno, enctype or
both. My question is; if a kvno is not specified when calling
krb5_db_fetch_mkey() as is the case when krb5kdc calls it, should the
function try to get the masterkey princ entry and use the kvno in the
entry to search the keytab or should that be the responsibility of the
caller which would then include that kvno when calling
krb5_db_fetch_mkey()?
--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/
More information about the krbdev
mailing list