issue with preauth processing
Luke Howard
lukeh at padl.com
Fri Oct 23 18:34:54 EDT 2009
> I also notice this in src/lib/krb5/krb/s4u_creds.c:
>
> krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1);
>
> where ptypes is:
>
> krb5_preauthtype ptypes[1] = { KRB5_PADATA_S4U_X509_USER };
>
> Isn't the point to restrict the preauth to just
> KRB5_PADATA_S4U_X509_USER?
Yep and from memory this works.
> (Luke, I also think that code is buggy, shouldn't that be ptypes[0]?)
No, we want enough space to hold one krb5_preauthtype.
-- Luke
More information about the krbdev
mailing list