regression due to referral realm
Sam Hartman
hartmans at MIT.EDU
Tue Feb 10 13:34:32 EST 2009
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
Nicolas> On Wed, Feb 04, 2009 at 01:46:52PM -0500, Sam Hartman
Nicolas> wrote:
>> What is the right fix here? Do we want to substitute in the
>> default realm, or do we want to substitute in the realm of the
>> local host (I.E. getrealmofhost(gethostname())?
Nicolas> What breaks here is krb5_get_init_creds_keytab() when
Nicolas> called with a principal made by
Nicolas> krb5_sname_to_principal(). The realm part of that
Nicolas> principal will be the null realm.
Nicolas> Mark's fix is to search the keytab for the first match
Nicolas> where the realm is ignored if the principal we're
Nicolas> searching for has a null realm.
Hmm. I would have assumed you wanted to substitute in the default
realm or the realm of the host. However this fix seems reasonable if
more complicated behavior than the previous code.
More information about the krbdev
mailing list