end of pointer arrays in krb5_creds

Rick van Rein rick at openfortress.nl
Fri Sep 16 04:40:12 EDT 2016


Thanks.  A surprise that I am running into:

The hostaddresses are OPTIONAL, so I would have expected the array pointer (so the **) to be NULL when no host addresses are present in the krb5_creds structure.  However, when using "kinit -A" to login, I do find an array but its first element is NULL.

Normally I would have assumed that a list is prescribing, unless absent.  But it seems that the empty list is an exception, and treated as a carte blanche re. host addresses.

This confuses me somewhat -- what does it mean if there are only IPv4 addresses on the list, and I am approached over an IPv6 address?  My gut feeling says "reject"... right?


More information about the krbdev mailing list