[30323] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Document aliases for enterprise get_principal

daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Oct 25 11:50:38 2018

Date: Thu, 25 Oct 2018 11:49:36 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201810251549.w9PFnaWB004674@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/3d149aed7c19e885b70fa05a251800c0acbff6c4
commit 3d149aed7c19e885b70fa05a251800c0acbff6c4
Author: Greg Hudson <ghudson@mit.edu>
Date:   Tue Oct 23 23:00:24 2018 -0400

    Document aliases for enterprise get_principal
    
    Enterprise principals are always aliases.  In most contexts when we
    see them we pass KRB5_KDB_FLAG_ALIAS_OK to the KDB module's
    get_principal method, but for S4U2Self clients we currently do not.
    Document that a KDB module may return an alias for enterprise
    principals regardless of flags.

 src/include/kdb.h |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/include/kdb.h b/src/include/kdb.h
index cecba31..9812a35 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -1018,9 +1018,10 @@ typedef struct _kdb_vftabl {
      *     requested; also set by the admin interface.  Determines whether the
      *     module should return in-realm aliases.
      *
-     * A module can return in-realm aliases if KRB5_KDB_FLAG_ALIAS_OK is set.
-     * To return an in-realm alias, fill in a different value for
-     * entries->princ than the one requested.
+     * A module can return in-realm aliases if KRB5_KDB_FLAG_ALIAS_OK is set,
+     * or if search_for->type is KRB5_NT_ENTERPRISE_PRINCIPAL.  To return an
+     * in-realm alias, fill in a different value for entries->princ than the
+     * one requested.
      *
      * A module can return out-of-realm referrals if KRB5_KDB_FLAG_CANONICALIZE
      * is set.  For AS request clients (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY is
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post