regression due to referral realm
Nicolas Williams
Nicolas.Williams at sun.com
Tue Feb 10 11:17:32 EST 2009
On Wed, Feb 04, 2009 at 01:46:52PM -0500, Sam Hartman wrote:
> What is the right fix here? Do we want to substitute in the default
> realm, or do we want to substitute in the realm of the local host (I.E. getrealmofhost(gethostname())?
What breaks here is krb5_get_init_creds_keytab() when called with a
principal made by krb5_sname_to_principal(). The realm part of that
principal will be the null realm.
Mark's fix is to search the keytab for the first match where the realm
is ignored if the principal we're searching for has a null realm.
I suppose that another fix would be to have keytab entries with a null
realm.
More information about the krbdev
mailing list