Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.4KiB

Remove KRB5_KDB_FLAG_ALIAS_OK

It is simpler and more consistent with Windows to let the KDB module
always return aliases, and use KDC logic (already present) to decide
whether to use the requested or canonical principal name in the
ticket.

With the removal of this flag, "kinit alias" (without the -C flag)
against the LDAP KDB module will issue a ticket for the alias name,
instead of failing with a "client not found" error.

[ghudson@mit.edu: edited comments; wrote commit message]

https://github.com/krb5/krb5/commit/ac8865a22138ab0c657208c41be8fd6bc7968148
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: ac8865a22138ab0c657208c41be8fd6bc7968148
Branch: master
src/include/kdb.h | 14 +++-----------
src/kdc/do_as_req.c | 7 +------
src/kdc/do_tgs_req.c | 1 -
src/kdc/kdc_preauth.c | 2 +-
src/kdc/kdc_util.c | 5 ++---
src/lib/kadm5/srv/server_kdb.c | 3 +--
src/lib/kdb/kdb5.c | 3 +--
src/lib/kdb/kdb_default.c | 3 +--
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 15 ++++++---------
src/plugins/kdb/test/kdb_test.c | 14 +++++---------
src/tests/t_kdb.py | 5 +++--
11 files changed, 24 insertions(+), 48 deletions(-)