[427] in Kerberos-V5-bugs
rd_req_simple should allow null server?
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Thu Mar 3 12:42:58 1994
Date: Thu, 3 Mar 1994 12:42:52 -0500
From: "Jonathan I. Kamens" <jik@security.ov.com>
To: krb5-bugs@MIT.EDU
As it's written right now, the krb5_rd_req_simple function
doesn't allow server to be NULL, because it always dereferences it by
calling krb5_princ_component on it in order to determine the name of
the replay cache.
On the one hand, this makes sense, because forcing the caller
to specify a principal makes it possible to check against that
principal internally so that the client doesn't have to (hence making
the client's code "simple").
On the other hand, if the caller is using a private key store
with only one key in it, then it doesn't want to have to worry about
what its principal name is, so it should just be able to specify null
for the server.
I think that rd_req_simple should be modified so that it
checks if server is NULL, and if it is, uses some default replay cache
rather than trying to derive one from the name of the server
principal.
If there's some reason why rd_req_simple doesn't allow a null
server, please let me know.
jik
