author Sam Hartman <hartmans@mit.edu> 2006-09-21 01:48:50 +0000
committer Sam Hartman <hartmans@mit.edu> 2006-09-21 01:48:50 +0000
commit 25860eac35980ab0d8d786fe1d06ced26a04d2db
tree 74e4b87fee38208ea1378bb6868c009964e9cf3f /src/appl
parent b2239415f139c8822715180716e41b4f9606232e
Set the canonicalize flag in TGS requests and accept cross-realm referral tickets.
We do not yet accept tickets in which the server name changes.

* krb5_sname_to_principal: If there is no domain realm mapping return null realm
* krb5_get_cred_via_tkt: New behavior as described below

1) the referrals case:
  - check for TGT for initial realm
  - if a remote realm was specified (which must have happened via a
    domain_realm mapping), obtain a TGT for it the standard way and
    start with that.
  - use client realm for server if not specified
  - iterate through this loop:
    - request ticket with referrals turned on
    - if that fails:
      - if this was the first request, punt to non-referrals case
      - otherwise, retry once without referrals turned on then terminate
        either way
    - if it works, either use the service ticket or follow the referral path
    - if loop count exceeded, hardfail

2) the nonreferrals case
  - this is mostly the old walk_realm_tree TGT-finding (which allows
    limited shortcut referrals per 4120) followed by a standard tgs-req.
  - originally requested principal is used for this, although if we
    were handed something without a realm, determine a fallback realm
    based on DNS TXT records or a truncation of the domain name.

ticket: 2652
Owner: amb

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
-rw-r--r-- src/appl/telnet/libtelnet/kerberos5.c | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 958a4ce..9761f6d 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -249,6 +249,7 @@ kerberos5_send(ap)
}
memset((char *)&creds, 0, sizeof(creds));
+ printf("calling krb5_sname_to_principal\n");
if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName,
"host", KRB5_NT_SRV_HST,
&creds.server))) {
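Review bot: the added printf("calling krb5_sname_to_principal\n") ahead of the krb5_sname_to_principal() call in kerberos5_send() reads as leftover debugging and should not ship in the telnet client. It prints unconditionally to the user's terminal each time this path runs, the commit message says nothing about new client output, and it ends in "\n" where the existing error printf a few lines later in the same function uses "\r\n". Drop the line, or gate it behind a debug condition and match the "\r\n" line ending.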
@@ -256,6 +257,7 @@ kerberos5_send(ap)
printf("telnet: Kerberos V5: error while constructing service name: %s\r\n", error_message(r));
return(0);
}
+ printf("done calling krb5_sname_to_principal\n");
if (telnet_krb5_realm != NULL) {
krb5_data rdata;
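Review bot: the printf("done calling krb5_sname_to_principal\n") placed after the error block only runs on the success path, since the failure branch above it already prints the error and returns 0, so it adds noise to every successful run without reporting anything useful such as the resulting creds.server principal or realm. Remove it together with the first trace. If the goal is to observe the null-realm result that the commit message describes for krb5_sname_to_principal, log the returned principal under a debug condition, with "\r\n" to match the surrounding output.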