Outside of krb5_ldap_read_krbcontainer_params and
krb5_ldap_create_krbcontainer, no fields of
krb5_ldap_krbcontainer_params were used except for the DN. There was
code to create a krbTicketPolicyReference attribute (which would fail
because the schema doesn't allow that attribute, and was never
exercised because kdb5_ldap_util would never set the parameter) and to
read fields like max ticket life from the referenced ticket policy,
but those fields were never used.
Eliminate the structure and just store the container DN in
krb5_ldap_context. Continue creating the container object when
creating a realm (by calling krb5_ldap_create_krbcontainer
unconditionally; it now exits successfully if the container already
exists), but don't ever read it.
projects / thirdparty / krb5.git / commit
