Subject: | src/windows/ms2mit inserts local addresses into MS Tickets during conversion |
Given the desire to move towards the use of addressless tickets is it
appropriate to alter the behavior of the ms2mit.exe command. In this
command the function MSCredToMITCred() takes the addressless MS Ticket
and calls krb5_os_localaddr() to construct an address list. The
comments state this was done to prevent crashing in krb5_cc_store_cred()
because that function assumes the address list cannot be NULL. At the
very least there must be at least a null address.
The local address list is generated regardless of the user preferences
in the krb5 profile.
One of two proposed fixes should be applied:
(1) remove the call to krb5_os_localaddr() entirely which will result in
the addressless tickets staying that way. A null address list would
need to be constructed in its place.
(2) check the krb5 profile to see if addressless tickets are being used.
If not, call krb5_os_localaddr() otherwise construct a null address list.
I will design a patch as soon as the proper behavior is agreed to.
appropriate to alter the behavior of the ms2mit.exe command. In this
command the function MSCredToMITCred() takes the addressless MS Ticket
and calls krb5_os_localaddr() to construct an address list. The
comments state this was done to prevent crashing in krb5_cc_store_cred()
because that function assumes the address list cannot be NULL. At the
very least there must be at least a null address.
The local address list is generated regardless of the user preferences
in the krb5 profile.
One of two proposed fixes should be applied:
(1) remove the call to krb5_os_localaddr() entirely which will result in
the addressless tickets staying that way. A null address list would
need to be constructed in its place.
(2) check the krb5 profile to see if addressless tickets are being used.
If not, call krb5_os_localaddr() otherwise construct a null address list.
I will design a patch as soon as the proper behavior is agreed to.