realm policyreference attribute in krb5_ldap_read_realm_params() function
Klaus Heinrich Kiwi
klausk at linux.vnet.ibm.com
Mon May 19 15:31:08 EDT 2008
Hi,
looking at the krb5_ldap_read_realm_params() function (file:
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c), I'm trying to understand
where the rlparams->policyreference value comes from, since it's
used in the conditional around line 1368.
I was hoping to find a query to "krbTicketPolicyReference" along with
other krbRealmContainer attributes right above this line.
From my initial analysis, it looks like if *mask doesn't bring any of the
LDAP_REALM_MAXTICKETLIFE, LDAP_REALM_MAXRENEWLIFE or
LDAP_REALM_KRBTICKETFLAGS flags, the code to query those from the policy
reference dn will always be skipped since rlparams->policyreference is
always NULL (even if there *is* a krbTicketPolicyReference attribute in
the Realm Container object).
Any comments are welcome.
-Klaus
--
Klaus Heinrich Kiwi
Security Development - IBM Linux Technology Center