[16583] in Kerberos_V5_Development
Re: question about krb5_verify_init_creds() and verify_ap_req_nofail
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jan 11 13:05:23 2011
From: Greg Hudson <ghudson@mit.edu>
To: Will Fiveash <will.fiveash@oracle.com>
In-Reply-To: <20110110233120.GA2537@sun.com>
Date: Tue, 11 Jan 2011 13:05:18 -0500
Message-ID: <1294769118.2456.429.camel@ray>
Mime-Version: 1.0
Cc: MIT Kerberos Dev List <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, 2011-01-10 at 18:31 -0500, Will Fiveash wrote:
> What
> confuses me is that the MIT code (and Solaris to a lesser degree) does a
> number of things that could cause krb5_verify_init_creds() to return an
> error before checking the setting of KRB5_CONF_VERIFY_AP_REQ_NOFAIL and
> I'm wondering if this is correct. Basically shouldn't
> verify_ap_req_nofail be checked first and if it is false just return 0?
I believe the code matches the intent, which is:
By default, succeed if and only if:
- No keying material is available
- A key is available and verification using that key succeeds
If verify_ap_req_nofail is set, succeed if and only if:
- A key is available and verification using that key succeeds
So, only the specific failure of "no keying material is available"
should consult the value of verify_ap_req_nofail.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
