Skip Menu |
 

Subject: get_init_creds_keytab can return bogus REALM_UNKNOWN
Cc: jdvf@hotmail.com
locate_kdc() can return REALM_UNKNOWN if an attempt to look up the name
of a master KDC fails. This should not cause an error from
get_init_creds() if this happens while attempting to look up a master
KDC subsequent to successfully getting credentials from a slave. This
manifested as a spurious "Cannot find KDC for requested realm" from the
fallback implementation in the kadmin client, but only when attempting
to use a keytab to get credentials for kadmin. The needed change is
parallel to one already made in get_init_creds_password().
From: tlyu@mit.edu
Subject: CVS Commit
* gic_keytab.c (krb5_get_init_creds_keytab): When calling
krb5_get_init_creds() for the second time (with use_master=1),
also accept KRB5_REALM_UNKNOWN as a soft error, and use the result
from the first call to krb5_get_init_creds(). This can happen
when no master KDC is configured.


To generate a diff of this commit:



cvs diff -r5.466 -r5.467 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.17 -r5.18 krb5/src/lib/krb5/krb/gic_keytab.c
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r5.455.2.4 -r5.455.2.5 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.17 -r5.17.4.1 krb5/src/lib/krb5/krb/gic_keytab.c