[17311] in Kerberos_V5_Development
Re: Proposed Behavior change: don't fail when krb5_sname_to_principal
daemon@ATHENA.MIT.EDU (Nico Williams)
Fri Oct 14 17:16:25 2011
MIME-Version: 1.0
In-Reply-To: <tsl8vonb8rj.fsf@mit.edu>
Date: Fri, 14 Oct 2011 16:15:51 -0500
Message-ID: <CAK3OfOgM-tCQ-KDZexUiw=TvGVCqjcazc3AeR3GG+i5N-4QU7A@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Sam Hartman <hartmans@mit.edu>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>, Tom Yu <tlyu@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Fri, Oct 14, 2011 at 3:47 PM, Sam Hartman <hartmans@mit.edu> wrote:> I don't have a problem if someone proposes updating my patch with a> single search entry support. (It's possible to do multiple search> entries against a KDC with significantly more code restructuring.)> However it's sounding like people agree that the patch would be an> improvement and doesn't sound like it creates trouble for things we want> or might want in the future.
My patches are rather non-intrusive, actually, since the two mainfunctions where we need the list applied can be trivially wrapped:krb5_get_credentials() and krb5_kt_get_entry(). An asynckrb5_get_credentials() extension, done right (you'd have to try hardto get it wrong, I think), would also result in a very unintrusivejust-wrap-it implementation.
Nico--
_______________________________________________krbdev mailing list krbdev@mit.eduhttps://mailman.mit.edu/mailman/listinfo/krbdev
