question about krb5_verify_init_creds() and verify_ap_req_nofail
Will Fiveash
will.fiveash at oracle.com
Mon Jan 10 18:31:20 EST 2011
I was looking at krb5_verify_init_creds() in
src/lib/krb5/krb/vfy_increds.c and comparing it to the Solaris variant,
<http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/vfy_increds.c#67>,
and I'm confused in regards to the handling of the
KRB5_CONF_VERIFY_AP_REQ_NOFAIL ("verify_ap_req_nofail") option. What
confuses me is that the MIT code (and Solaris to a lesser degree) does a
number of things that could cause krb5_verify_init_creds() to return an
error before checking the setting of KRB5_CONF_VERIFY_AP_REQ_NOFAIL and
I'm wondering if this is correct. Basically shouldn't
verify_ap_req_nofail be checked first and if it is false just return 0?
--
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
More information about the krbdev
mailing list