Project review: policy refcount elimination
Greg Hudson
ghudson at MIT.EDU
Tue Jan 8 12:04:55 EST 2013
On 01/08/2013 11:33 AM, Benjamin Kaduk wrote:
> On Mon, 7 Jan 2013, Greg Hudson wrote:
>
>> I've written up a project page on eliminating the policy refcount
>> field:
>>
>> http://k5wiki.kerberos.org/wiki/Projects/Policy_refcount_elimination
>
> "A principal which references a nonexistent policy name will behave as
> if it does not reference a policy" means the default policy, not the
> "clear" policy, right?
No. The policy named "default" is only the default for the purposes of
kadmin addprinc (and specifically the kadmin client; that logic is in
the client, not in libkadm5clnt/libkadm5srv or kadmind).
More information about the krbdev
mailing list