[2409] in Kerberos-V5-bugs
krb5-admin/161: kadmin's "list_principals" doesn't really list all principals
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Thu Nov 7 11:42:06 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: bjaspan@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, kenh@cmf.nrl.navy.mil
Date: Thu, 7 Nov 1996 11:39:51 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
>Number: 161
>Category: krb5-admin
>Synopsis: kadmin's list_principals doesn't list all principals
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bjaspan
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 07 11:41:00 EST 1996
>Last-Modified:
>Originator: Ken Hornstein
>Organization:
Naval Research Lab
>Release: beta-7
>Environment:
System: SunOS elvis 4.1.3_U1 13 sun4m
Architecture: sun4
>Description:
I discovered that "list_principals" without an expression doesn't really list
all principals -- it only lists principals in the local realm. You wouldn't
normally notice this, but I did when I was setting up cross-cell
authentication.
Since the documentation says that list_principals without an expression lists
all principals, it's either a documentation bug, or a software bug. IMHO,
it's a software bug, since the Principle of Least Astonishment would say
that list_principals really _should_ list all principals.
>How-To-Repeat:
Create a principal with a realm that isn't the same as your local cell, and
note that list_principals doesn't show it.
>Fix:
The following patch fixes the problem. Not really sure if this belongs in
the library or the cli, but it does the right thing for me.
--- lib/kadm5/srv/svr_iters.c.orig Thu Nov 7 11:24:51 1996
+++ lib/kadm5/srv/svr_iters.c Thu Nov 7 11:25:04 1996
@@ -180,7 +180,7 @@
*count = 0;
if (exp == NULL)
- exp = "*";
+ exp = "*@*";
CHECK_HANDLE(server_handle);
>Audit-Trail:
>Unformatted:
