[13584] in Kerberos_V5_Development
question related to mkey keytab stash project
daemon@ATHENA.MIT.EDU (Will Fiveash)
Fri Jun 27 16:39:15 2008
Date: Fri, 27 Jun 2008 15:30:31 -0500
From: Will Fiveash <William.Fiveash@sun.com>
To: MIT Kerberos Dev List <krbdev@mit.edu>
Message-ID: <20080627203031.GA13976@sun.com>
Mail-Followup-To: MIT Kerberos Dev List <krbdev@MIT.EDU>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
While the current code under review appears to work and all MIT tests
pass, I do have a question as to the new behavior of the
krb5_db_fetch_mkey() function.
The new krb5_db_fetch_mkey() will return the first key it finds in the
keytab stash and can optionally search based on either kvno, enctype or
both. My question is; if a kvno is not specified when calling
krb5_db_fetch_mkey() as is the case when krb5kdc calls it, should the
function try to get the masterkey princ entry and use the kvno in the
entry to search the keytab or should that be the responsibility of the
caller which would then include that kvno when calling
krb5_db_fetch_mkey()?
--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
