[2028] in Kerberos_V5_Development
Re: krb5-admin/242: critical: kadmind ACL processing totally broken
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Nov 26 12:13:11 1996
Date: Tue, 26 Nov 1996 17:07:12 GMT
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: krb5-bugs@MIT.EDU, hartmans@MIT.EDU, krbdev@MIT.EDU
In-Reply-To: <199611260709.CAA12742@rt-11.MIT.EDU> (hartmans@MIT.EDU)
Mea culpa. After making the change, I tested to make sure that a
missing kadm5.acl file prevented all access (whic it did, obviously),
but did not think to check that a correct acl file still worked. The
irony here is that I considered the patch Marc made and, for no
particularly good reason, chose instead the one I actually made
because I thought it was safer. I *did* read the code to see what
would happen on an empty ACL entry, and I concluded it would just be
skipped. I guess I was wrong. Oops.
Sick programmers shouldn't make last-minute changes. :-/
On the other hand, this is what the friendly-test cycle is for.
Barry
