Skip Menu |
 

From: tlyu@mit.edu
Subject: CVS Commit
* gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
turned off, the second call to get_init_creds() will fail with
KRB5_REALM_UNKNOWN under certain circumstances. If that happens,
return the error from the first call to get_init_creds(), which
will be more useful to the user.


To generate a diff of this commit:



cvs diff -r5.420 -r5.421 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.24 -r5.25 krb5/src/lib/krb5/krb/gic_pwd.c
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r5.378.2.26 -r5.378.2.27 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.19.2.4 -r5.19.2.5 krb5/src/lib/krb5/krb/gic_pwd.c
Subject: krb5_get_cred_from_kdc_opt returns KRB5_REALM_UNKNOWN instead of KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
In KfW 2.5.0, krb5_get_cred_from_kdc_opt returns KRB5_REALM_UNKNOWN
when it should return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN. Tested using my
own code and Leash, using Ethereal to make sure the KDC isn't bonkers.
I haven't tested any Unix clients.

I think the "else" on send_tgs.c:281 needs to be replaced with a
newline?
[guest - Mon Aug 18 22:50:41 2003]:

I checked and it doesn't happen on 1.3.1 on Linux. I'm setting up a
KfW build environment now so that I can mess with it.
[guest - Tue Aug 19 13:39:53 2003]:

Ignore the previous statement, I was looking at the sgt code for some
reason.

Looks like krb5_locate_kdc is failing to find the master kdc in my
configuration. This is exposed by the unknown principal error, which
causes get_init_creds to go try the master.
Subject: master_kdc is required but not documented
[guest - Tue Aug 19 17:09:42 2003]:

Looks like the master_kdc is now a required field in krb5.conf. Is
this intentional? It doesn't seem to be documented.