[441] in Kerberos-V5-bugs
Re: beta 3: krb5_get_in_tkt uses creds->addresses when it should
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Mar 11 18:28:14 1994
Date: Fri, 11 Mar 94 18:28:03 EST
From: tytso@MIT.EDU (Theodore Ts'o)
To: "Jonathan I. Kamens" <jik@security.ov.com>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: Jonathan I. Kamens's message of Thu, 24 Feb 1994 15:12:45 -0500,
Date: Thu, 24 Feb 1994 15:12:45 -0500
From: "Jonathan I. Kamens" <jik@security.ov.com>
krb5_get_in_tkt calls krb5_obtain_padata with creds->addresses as its
addresses argument. I believe that that's wrong, because (a)
creds->addresses is assigned later from the KDC reply, (b) kinit
doesn't iniitialize creds->addresses before calling
krb5_get_in_tkt_with_*, and (c) doc/api/krb5.tex doesn't say that
creds->addresses is used by krb5_get_in_tkt.
I'd send in a patch, but I'm reluctant to fix this until somebody else
confirms that I'm right about it being broken :-). If I am right,
please let me know. (Please let me know if I'm wrong too. :-)
Yup, you're right. Fortunately, none of our current preauthentication
data routines use the addresses argument. I'm not sure I remember why
it was included in the first place. :-)
- Ted
