[16592] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: question about krb5_verify_init_creds() and verify_ap_req_nofail

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jan 12 11:52:14 2011

From: Greg Hudson <ghudson@mit.edu>
To: Sam Hartman <hartmans@mit.edu>
In-Reply-To: <tsl4o9efjaa.fsf@mit.edu>
Date: Wed, 12 Jan 2011 11:52:06 -0500
Message-ID: <1294851126.2456.431.camel@ray>
Mime-Version: 1.0
Cc: MIT Kerberos Dev List <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Wed, 2011-01-12 at 06:33 -0500, Sam Hartman wrote:
> Am I missing something or is the logic backwards?

My most charitable reading of the option name is "don't allow
verify_ap_req to fail for any reason," as opposed to the default
behavior where we allow it to fail for lack of keying material.


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16592] in Kerberos_V5_Development

Re: question about krb5_verify_init_creds() and verify_ap_req_nofail

daemon@ATHENA.MIT.EDU (Greg Hudson)Wed Jan 12 11:52:14 2011

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jan 12 11:52:14 2011