]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3f59556) | patch
Remove KRB5_KDB_FLAG_ALIAS_OK 1018/head
authorIsaac Boukris <iboukris@gmail.com>
Wed, 25 Dec 2019 23:23:21 +0000 (00:23 +0100)
committerGreg Hudson <ghudson@mit.edu>
Sat, 28 Dec 2019 06:02:40 +0000 (01:02 -0500)
commitac8865a22138ab0c657208c41be8fd6bc7968148
tree7b757d90fb25d1fbded459c4a8210ea5af7b36b5tree
parent3f5955631a2056f8ec4d1ce73d9681fa7da061c2commit | diff
Remove KRB5_KDB_FLAG_ALIAS_OK

It is simpler and more consistent with Windows to let the KDB module
always return aliases, and use KDC logic (already present) to decide
whether to use the requested or canonical principal name in the
ticket.

With the removal of this flag, "kinit alias" (without the -C flag)
against the LDAP KDB module will issue a ticket for the alias name,
instead of failing with a "client not found" error.

[ghudson@mit.edu: edited comments; wrote commit message]

ticket: 8859 (new)
src/include/kdb.h diff | blob | blame | history
src/kdc/do_as_req.c diff | blob | blame | history
src/kdc/do_tgs_req.c diff | blob | blame | history
src/kdc/kdc_preauth.c diff | blob | blame | history
src/kdc/kdc_util.c diff | blob | blame | history
src/lib/kadm5/srv/server_kdb.c diff | blob | blame | history
src/lib/kdb/kdb5.c diff | blob | blame | history
src/lib/kdb/kdb_default.c diff | blob | blame | history
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c diff | blob | blame | history
src/plugins/kdb/test/kdb_test.c diff | blob | blame | history
src/tests/t_kdb.py diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git