issue with krb5int_parse_enctype_list()

Will Fiveash will.fiveash at oracle.com
Thu Jan 20 18:52:13 EST 2011


Looking at krb5int_parse_enctype_list() in src/lib/krb5/krb/init_ctx.c I
see:

        } else if (krb5_string_to_enctype(token, &etype) == 0) {
            /* Set a specific enctype. */
            mod_list(etype, sel, weak, &list);
        }

My concern is: if the admin has mistyped when entering the enctypes for
the enctype list parameters in krb5.conf, won't this logic silently
ignore the invalid enctype because an error return value from
krb5_string_to_enctype() is ignored?  Shouldn't an error be set which
can be output/syslogged?

-- 
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
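
The behaviour asked about in the message above, as an added sketch that is not code from the krb5 source tree or from the poster: a list parser that still skips unknown names but hands them back to the caller so they can be logged. lookup_enctype() and parse_enctypes() are hypothetical names, the lookup table is a constructed stand-in for krb5_string_to_enctype() (exact match, four names), and only explicit enctype names are handled.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for krb5_string_to_enctype(): 0 if the name is known,
 * nonzero otherwise. Constructed table, exact match only. */
static int lookup_enctype(const char *name, int *etype)
{
    static const struct { const char *name; int etype; } tbl[] = {
        { "aes256-cts-hmac-sha1-96", 18 }, { "aes128-cts-hmac-sha1-96", 17 },
        { "des3-cbc-sha1", 16 }, { "arcfour-hmac", 23 },
    };
    for (size_t i = 0; i < sizeof(tbl) / sizeof(tbl[0]); i++) {
        if (strcmp(name, tbl[i].name) == 0) {
            *etype = tbl[i].etype;
            return 0;
        }
    }
    return 1;
}

/* Parse a whitespace/comma separated enctype list. Known names are stored in
 * out[]; unknown tokens are counted in *n_bad and the first is copied to bad[]
 * (badlen >= 1) so the caller can log it rather than lose it.
 * Returns the number of enctypes stored. */
int parse_enctypes(const char *spec, int *out, size_t max,
                   int *n_bad, char *bad, size_t badlen)
{
    const char *sep = " \t\r\n,", *p = spec;
    char tok[64];
    int n = 0, etype;

    *n_bad = 0;
    bad[0] = '\0';
    while (*(p += strspn(p, sep)) != '\0') {    /* skip separators */
        size_t len = strcspn(p, sep);           /* length of this token */
        snprintf(tok, sizeof(tok), "%.*s", (int)len, p);
        p += len;
        if (lookup_enctype(tok, &etype) != 0) {
            /* Unknown name: record it instead of dropping it silently. */
            if ((*n_bad)++ == 0)
                snprintf(bad, badlen, "%s", tok);
        } else if ((size_t)n < max) {
            out[n++] = etype;
        }
    }
    return n;
}
```

A caller that sees *n_bad != 0 can write bad[] to syslog or fail configuration loading, which makes a mistyped name visible instead of quietly shrinking the permitted list.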


