diff options
author | Sam Hartman <hartmans@mit.edu> | 2006-09-21 01:48:50 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2006-09-21 01:48:50 +0000 |
commit | 25860eac35980ab0d8d786fe1d06ced26a04d2db (patch) | |
tree | 74e4b87fee38208ea1378bb6868c009964e9cf3f /src/appl | |
parent | b2239415f139c8822715180716e41b4f9606232e (diff) | |
download | krb5-25860eac35980ab0d8d786fe1d06ced26a04d2db.zip krb5-25860eac35980ab0d8d786fe1d06ced26a04d2db.tar.gz krb5-25860eac35980ab0d8d786fe1d06ced26a04d2db.tar.bz2 |
Set the canonicalize flag in TGS requests and accept cross-realm referral tickets.
We do not yet accept tickets in which the server name changes.
* krb5_sname_to_principal: If there is no domain realm mapping return null realm
*krb5_get_cred_via_tkt: New behavior as described below
1) the referrals case:
- check for TGT for initial realm
- if a remote realm was specified (which must have happened via a
domain_realm mapping), obtain a TGT for it the standard way and
start with that.
- use client realm for server if not specified
- iterate through this loop:
- request ticket with referrals turned on
- if that fails:
- if this was the first request, punt to non-referrals case
- otherwise, retry once without referrals turned on then terminate
either way
- if it works, either use the service ticket or follow the referral path
- if loop count exceeded, hardfail
2) the nonreferrals case
- this is mostly the old walk_realm_tree TGT-finding (which allows
limited shortcut referrals per 4120) followed by a standard tgs-req.
- originally requested principal is used for this, although if we were
handed something without a realm, determine a fallback realm based on
DNS TXT records or a truncation of the domain name.
ticket: 2652
Owner: amb
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
-rw-r--r-- | src/appl/telnet/libtelnet/kerberos5.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c index 958a4ce..9761f6d 100644 --- a/src/appl/telnet/libtelnet/kerberos5.c +++ b/src/appl/telnet/libtelnet/kerberos5.c @@ -249,6 +249,7 @@ kerberos5_send(ap) } memset((char *)&creds, 0, sizeof(creds)); + printf("calling krb5_sname_to_principal\n"); if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host", KRB5_NT_SRV_HST, &creds.server))) { @@ -256,6 +257,7 @@ kerberos5_send(ap) printf("telnet: Kerberos V5: error while constructing service name: %s\r\n", error_message(r)); return(0); } + printf("done calling krb5_sname_to_principal\n"); if (telnet_krb5_realm != NULL) { krb5_data rdata; |