diff options
author | Greg Hudson <ghudson@mit.edu> | 2011-11-14 18:02:52 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-11-14 18:02:52 +0000 |
commit | 6a1f05eb0fb5451c887e73406fb8fcf5a3716d1c (patch) | |
tree | 0ac104674030a1d1e8796ef38bec7f232fc7b2bb /src/include/k5-trace.h | |
parent | 9b21c05fec7cc9e06c7c8d00dd750ee8a32cfe44 (diff) | |
download | krb5-6a1f05eb0fb5451c887e73406fb8fcf5a3716d1c.zip krb5-6a1f05eb0fb5451c887e73406fb8fcf5a3716d1c.tar.gz krb5-6a1f05eb0fb5451c887e73406fb8fcf5a3716d1c.tar.bz2 |
Handle TGS referrals to the same realm
krb5 1.6 through 1.8 contained a workaround for the Active Directory
behavior of returning a TGS referral to the same realm as the request.
1.9 responds to this behavior by caching the returned TGT, trying
again, and detecting a referral loop. This is a partial regression of
ticket #4955. Detect this case and fall back to a non-referreal
request.
ticket: 7016
target_version: 1.9.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25472 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/k5-trace.h')
-rw-r--r-- | src/include/k5-trace.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h index 2d34574..926c523 100644 --- a/src/include/k5-trace.h +++ b/src/include/k5-trace.h @@ -357,6 +357,9 @@ TRACE(c, (c, "TGS request result: {kerr}", code)) #define TRACE_TKT_CREDS_RETRY_TCP(c) \ TRACE(c, (c, "Request or response is too big for UDP; retrying with TCP")) +#define TRACE_TKT_CREDS_SAME_REALM_TGT(c, realm) \ + TRACE(c, (c, "Received TGT referral back to same realm ({data}); trying " \ + "again without referrals", realm)) #define TRACE_TKT_CREDS_SERVICE_REQ(c, princ, referral) \ TRACE(c, (c, "Requesting tickets for {princ}, referrals {str}", princ, \ (referral) ? "on" : "off")) |