Question about aname_do_match behavior on invalid patten

Eric Diven ebd2.github at
Mon Jan 23 18:15:19 EST 2017

I'm porting the localauth_rule code to java for the Presto database
project, and I was curious about the design decision behind
aname_do_match's behavior when a rule contains an invalid pattern.

When regcomp returns a non-zero result, aname_do_match returns
KRB5_LNAME_NOTRANS. This seems like odd behavior for what appears to be an
error in the krb5.conf file. Can somebody please explain the rationale
behind this?

The code I've written follows the behavior in Kerberos 5 1.15, but I'd like
to be sure I understand what I'm porting so I don't do something wrong.

I have searched the bug tracker and the mailing list archives, and I
haven't found any references to aname_do_match.



My code (in draft form) here:

More information about the krbdev mailing list