Le 1 sept. 2011 à 18:19, Greg Hudson a écrit : > I believe you can simplify that to: >
I know, I tried that to be sure to not miss something. >> What's the point of a TGS for krbtgt/R3@R1 on kdc.d2 ? I expected a >> TGS_REQ for krbtgt/R3@R2. > > That's a previously unknown bug introduced in krb5 1.9. I think it's > gone unnoticed until now because an MIT KDC at R2 will paper over the > problem by returning krbtgt/R3@R2 in response to the krbtgt/R3@R1 > request. > Some unit tests should be added ? > I can provide a patch (it's a one-liner), but since you're using an OS > distribution of krb5 I imagine it wouldn't be convenient to use. > Unfortunately, I can't think of a good workaround. The fix should be in > 1.9.2. > > Thanks, that's a great new. At least I know now that I'm not totally stupid. I will keep an eye on upstream's updates from now. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
