[3562] in Kerberos-V5-bugs
[krbdev.mit.edu #1230] Transited realm handling
daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Sun Oct 27 21:36:40 2002
Message-Id: <rt-1230-3240.19.6076371518843@krbdev.mit.edu>
In-Reply-To: <rt-1230@krbdev.mit.edu>
From: "Sam Hartman via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Sun, 27 Oct 2002 21:34:15 -0500 (EST)
Bug 1230 notes that we were included a trailing null in transited
realm encodings that we send over the wire and check against KDC
policy.
I have fixed this code but not yet closed out the bug. We could
include an additional fix to better deal with encodings that include a
trailing null received from other KDCs.
The disadvantage is that we would consider realms differing only in a
trailing null character the same for trust comparisons. Also, it is
not clear how useful the fix will be since I think our current KDC
code will always force a non-null transited encoding to fail the
cross-realm policy check.
Thoughts?
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
