Mark Phalan wrote:
> On Mon, 2009-01-26 at 14:10 -0500, Peter Shoults wrote:
>
>> Mark Phalan wrote:
>>
>>> On Tue, 2009-01-20 at 19:27 +0100, Mark Phalan wrote:
>>>
>>>
>>>> On Tue, 2009-01-20 at 13:14 -0500, Peter Shoults wrote:
>>>>
>>>>
>>>>>>> 6784485 keys for kadmind princs should be created with all supported
>>>>>>> enc-types
>>>>>>> http://cr.opensolaris.org/~mbp/6784485-enctypes_for_default_kadmin_princs/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> 1) Should we be calling
>>>>>
>>>>> krb5_free_ktypes(context, enctype);
>>>>>
>>>>> IF we failed the malloc() on line 321?
>>>>>
>>>>>
>>>> Yup, nice catch. I'll make the change.
>>>>
>>>>
>>>>
>>>>> 2) Line 341 of new file - How are you determining you are only creating
>>>>> keys with "Normal" enctypes?
>>>>>
>>>>>
>>>> Normal _salt_types.
>>>> Line 330 a "normal" salttype is created. This salttype is used when
>>>> creating the keys. See line 344 where the salttype is being set.
>>>>
>>>>
>>>>
>>>>> Otherwise looks good.
>>>>>
>>>>>
>>> Sorry to bother you with this again but when going over my fixes a final
>>> time I saw a more elegant way to deal with 6776724
>>>
>>> The updated webrev is posted here:
>>>
>>> http://cr.opensolaris.org/~mbp/6776724-updated/
>>>
>>> The only thing which has changed is the fix for 6776724. Its just a one
>>> line change (+copyright year).
>>> The -znodelete option marks the pkinit plugin as something not to be
>>> deleted even if its dlclosed. You can find out more in ld(1). I've
>>> tested it and it works fine.
>>>
>>> Cheers,
>>>
>>> -M
>>>
>>> _______________________________________________
>>> kerberos-discuss mailing list
>>> kerberos-discuss at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/kerberos-discuss
>>>
>>>
>> Don'tt forget to update the CR record with this new information.
>>
>
> CRs will be updated.
>
>
>> Also,
>> when I looked at the ld manpage, it says this
>>
>> " Marks the object as non-deletable at runtime. This mode
>> is similar to adding the object to the process by using
>> dlopen(3C) with the RTLD_NODELETE mode."
>>
>> I do not know the answer to this, but is using z nodelete prefered over
>> using dlopen with the RTLD_NODELETE mode? Is there a rule about that in
>> cstyle or something or advantages of one way over the other?
>>
>
> Well the clear advantage in this case is that its pkinit plugin
> specific. Other plugins will be deleted on dlclose(). The other
> advantage is that no source code needs to be changed so we can keep our
> differences with MIT to a minimum.
>
> -M
>
>
OK - sounds good to me. I see no issues.
