realm policyreferece attribute in krb5_ldap_read_realm_params() function

Klaus Heinrich Kiwi klausk at
Mon May 19 15:31:08 EDT 2008


 looking at the krb5_ldap_read_realm_params() function (file:
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c), I'm trying to understand
where does the rlparams->policyreference value comes from, since it's
used in the conditional around line 1368.

I was hoping to find a query to "krbTicketPolicyReference" along with
other krbRealmContainer attributes right above this line.

>From my initial analysis, looks like if *mask doesn't bring any of the
LDAP_REALM_KRBTICKETFLAGS flags, the code to query those from the policy
reference dn will always be skipped since rlparams->policyreference is
always NULL (even if there *is* a krbTicketPolicyReference attribute in
the Realm Container object).

Any comments are welcome.


Klaus Heinrich Kiwi
Security Development - IBM Linux Technology Center

More information about the krbdev mailing list