diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-09-28 17:03:15 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-09-28 17:03:15 +0000 |
| commit | b72aef2c1cbcc76f7fba14ddc54a4e66e7a4e66c (patch) | |
| tree | 37a80969b8a7c84a14d189f4bd803c97235a9c6c /src/include/k5-int.h | |
| parent | e3a33e5bb36c02c6646f80e3a8dd17532f4e3756 (diff) | |
| download | krb5-b72aef2c1cbcc76f7fba14ddc54a4e66e7a4e66c.tar.gz krb5-b72aef2c1cbcc76f7fba14ddc54a4e66e7a4e66c.tar.xz krb5-b72aef2c1cbcc76f7fba14ddc54a4e66e7a4e66c.zip | |
Eliminate domain-based client realm walk
For a very long time, KDCs have known how to perform a domain-based
realm walk when serving requests for TGTs. (So if a KDC for A.B.C
receives a request for krbtgt/X.B.C and doesn't have that principal,
it can return one for krbtgt/B.C instead.) Performing the same
heuristic on the client is unnecessary and inefficient in common
cases.
Add a new function k5_client_realm_path to walk_rtree.c which uses
capaths values only, and returns a list of realms (as desired by
get_creds.c) instead of TGT names.
ticket: 6966
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25241 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/k5-int.h')
| -rw-r--r-- | src/include/k5-int.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 0bb4c164d..1682a345b 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2629,6 +2629,10 @@ krb5_error_code krb5_walk_realm_tree(krb5_context, const krb5_data *, int); krb5_error_code +k5_client_realm_path(krb5_context context, const krb5_data *client, + const krb5_data *server, krb5_data **rpath_out); + +krb5_error_code krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context, krb5_cksumtype); |