[439] in Kerberos-V5-bugs
Re: Principals do not compare
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue Mar 8 21:18:49 1994
Date: Tue, 8 Mar 94 21:18:32 EST
From: tytso@MIT.EDU (Theodore Ts'o)
To: dpg@ocsg.com
Cc: krb5-bugs@MIT.EDU, k-dev@ocsg.com
In-Reply-To: Dennis Glatting's message of Tue, 8 Mar 94 09:00:35 -0800,

   Date: Tue, 8 Mar 94 09:00:35 -0800
   From: Dennis Glatting <war04!dennisg@ocsg.com>

   I believe I have discovered a bug in Beta-3.

   In beta-3 the function krb5_sname_to_principal() has been changed.
   In beta-2 it accepted a boolean 'canonicalize' which, if set,
   krb5_sname_to_principal() would canonicalize the host portion of the
   principal. In beta-3 the boolean has been changed to an integer
   'type'. There are two valid values for 'type': KRB5_NT_UNKNOWN and
   KRB5_NT_SRV_HST. At the end of krb5_sname_to_principal() the
   principal's type is assigned the value of 'type':

        krb5_princ_type(*ret_princ) = type;

   I discovered that the function krb5_principal_compare() does not
   include principal types in the comparison. Shouldn't it?

No, it shouldn't. The principal type is only a "hint" as to what type
of namespace the principal was derived from. However, it is *not* part
of the name. "tytso/root@ATHENA.MIT.EDU" is the same principal,
regardless of what the principal type says.

The main use is so that programs given a name can have some idea how to
handle it. In reality, it's probably not all that useful.

						- Ted
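
Added example, not part of the original message and not the MIT Kerberos source: a self-contained C model of the comparison rule described in the reply, where identity is the realm plus the name components and the name type is carried only as a hint. The names `struct principal`, `parse_principal`, `principal_compare` and the `NT_*` macros are hypothetical stand-ins for illustration, and the parser assumes a plain `comp/comp@REALM` string with no escaping.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a principal (hypothetical, not the krb5 structure). */
#define MAX_COMP 4
#define NT_UNKNOWN 0            /* stands in for KRB5_NT_UNKNOWN */
#define NT_SRV_HST 3            /* stands in for KRB5_NT_SRV_HST */

struct principal {
    int type;                   /* name-type hint, not part of the identity */
    char buf[128];              /* backing storage for realm and components */
    const char *realm;
    const char *comp[MAX_COMP];
    int ncomp;
};

/* Parse "comp1/comp2@REALM" (no escape handling). Returns 0 on success. */
int parse_principal(const char *s, int type, struct principal *p) {
    char *at, *c, *slash;
    if (strlen(s) >= sizeof p->buf) return -1;
    strcpy(p->buf, s);
    at = strrchr(p->buf, '@');
    if (at == NULL || at == p->buf || at[1] == '\0') return -1;
    *at = '\0';
    p->realm = at + 1;
    p->type = type;
    p->ncomp = 0;
    for (c = p->buf; ; c = slash + 1) {
        if (p->ncomp == MAX_COMP) return -1;
        p->comp[p->ncomp++] = c;
        if ((slash = strchr(c, '/')) == NULL) break;
        *slash = '\0';
    }
    return 0;
}

/* Equal iff realm and every component match; type is deliberately ignored. */
int principal_compare(const struct principal *a, const struct principal *b) {
    int i;
    if (a->ncomp != b->ncomp || strcmp(a->realm, b->realm) != 0) return 0;
    for (i = 0; i < a->ncomp; i++)
        if (strcmp(a->comp[i], b->comp[i]) != 0) return 0;
    return 1;
}

int main(void) {
    struct principal a, b;      /* same name, different type hints */
    parse_principal("tytso/root@ATHENA.MIT.EDU", NT_UNKNOWN, &a);
    parse_principal("tytso/root@ATHENA.MIT.EDU", NT_SRV_HST, &b);
    printf("types %d vs %d, equal: %d\n", a.type, b.type, principal_compare(&a, &b));
    return 0;
}
```

An ACL or authorization check built on such a comparison matches on name and realm only, so a differing type hint can neither grant nor deny access.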