[PATCH] heimdal fixes for the new keytab code
Guenther Deschner
gd at sernet.de
Tue Jul 6 10:27:25 GMT 2004
Hi Jeremy,
On Thu, Jun 24, 2004 at 02:27:14PM -0700, Jeremy Allison wrote:
> Ok, I've finished the changes and the current SVN source code
> compiles with Heimdal. If you could test it I'd appreciate
> it.
Thank you, Jeremy.
There are still some small issues, I'm afraid ;-)
* why do we let samba now kinit with HOST/fqdn@REALM, instead of
HOST/machine@REALM in security=ads ? the current code does not even create
HOST/fqdn@REALM-principals but HOST/fqdn-principals.
AFAIK, this will break all existing security=ads installations prior to
current svn. We should at least provide an internal upgrade path or describe
the to-be-expected-effect in WHATSNEW.TXT. Or am I completely wrong here ?
* The cleanup in libads might be a good chance to apply the remaining parts of
the fix for #1208 (fix existing one-direction clock-skew-correction that can
lead to infinite loops wherever libsmb/clikrb5.c's cli_krb5_get_ticket is
used) :)
* with the keytab-patch several initialize_krb5_error_tables slipped in. This
is only needed for Heimdal Kerberos, we should provide another abstraction
function for that later on.
* ads_keytab_create_default should not return its last error-code (that is
always non-0, at least in Heimdal) (attached)
Thanks a lot,
Guenther
--
Guenther Deschner, SerNet Service Network GmbH
Phone: +49-(0)551-370000-0, Fax: +49-(0)551-370000-9
-------------- next part --------------
Index: source/libads/kerberos_keytab.c
===================================================================
--- source/libads/kerberos_keytab.c (revision 1287)
+++ source/libads/kerberos_keytab.c (working copy)
@@ -479,7 +479,7 @@
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret != KRB5_KT_END && ret != ENOENT ) {
- while ((ret = krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) == 0) {
+ while ((krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) == 0) {
if (kt_entry.vno != kvno) {
char *ktprinc = NULL;
char *p;
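Review bot: In the changed `while` condition, discarding the return value of krb5_kt_next_entry means a genuine read failure during iteration now looks the same as reaching the end of the keytab, and ret simply keeps whatever krb5_kt_start_seq_get returned. Rather than dropping the assignment, consider storing the loop result in a separate local and, once the loop exits, treating only the end-of-keytab code (KRB5_KT_END, as already tested in the `if` above) as success, so the caller gets 0 on a clean pass but still sees a real error. As a style point, the outer pair of parentheses around the call is no longer needed once the assignment is gone.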