-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 9 Nov 2005 at 15:36 (-0500), Kevin Coffman wrote:
Our patches are here: http://www.citi.umich.edu/u/kwc/krb5stuff/referrals.html
The page will be updated soon with a patch for 1.4.2, but the 1.3.4
patch applied rather cleanly last night while doing the cvs merge to
1.4.2.
Kevin,
I've been using your referrals patch for about 4 years now and last August
I updated our KDC to 1.4.2. So, I had to update the patch as well. Aside
from line number changes, I found at least one place where a substantive
(though very small) change was required.
In krb5/src/lib/krb5/os/hst_realm.c, in the krbt_get_host_referral_realm
function, I changed
char local_host[MAX_DNS_NAMELEN+1];
to
char local_host[MAXDNAME];
because, I believe (this is based on my memory now) MAX_DNS_NAMELEN was
not defined in this module. I figured that MAXDNAME was large enough to
incorporate the size of MAX_DNS_NAMELEN+1, at least to avoid a buffer
overflow condition. Of course, I might be wrong and there may very well
be a better way to handle this change.
My 1.4.2 KDC has been running (continuously) since early September with no
problems.
I didn't sent you my patch updates because initially I was going to 1.4.1
and I needed to incorporate MIT patches SA-2005-002 and SA-2005-003 that
came out before 1.4.2 was released and which hit one of the modules that
your patch does. So I had to incorporate all 3 patches in that particular
module (kdc/do_tgs_req.c, I believe).
But then I decided to go with 1.4.2, so I guess my referrals patch stands
on its own. If you like, I can send it to you if you haven't already done
your own update.
Mike
_____________________________________________________________________
Mike Friedman System and Network Security
[EMAIL PROTECTED] 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
_____________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBQ3Jifq0bf1iNr4mCEQJkNwCgtkvuK6HeEHja+XtcMOdZIVdCvDkAn3R2
t+8a08k3SQspExm7Bb1HFMiN
=dn26
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
