diff options
| author | Kevin Coffman <kwc@citi.umich.edu> | 2007-03-16 10:27:46 -0400 |
|---|---|---|
| committer | Neil Brown <neilb@suse.de> | 2007-03-19 09:47:37 +1100 |
| commit | fbff46da25a0a578136fd92a6b66e807b6599ca3 (patch) | |
| tree | 9e09a7e6d7a69d881edfd8ec324f090ab8585819 /utils/gssd/krb5_util.c | |
| parent | 1a5b79866092e5061f3a6d2cd1a644f47e65ba3a (diff) | |
| download | nfs-utils-fbff46da25a0a578136fd92a6b66e807b6599ca3.tar.gz nfs-utils-fbff46da25a0a578136fd92a6b66e807b6599ca3.tar.xz nfs-utils-fbff46da25a0a578136fd92a6b66e807b6599ca3.zip | |
Allow any credential to be used for machine credentials
Don't restrict machine credentials to be "nfs/<machine.name>".
Use any usable credentials contained in the keytab file.
[We actually attempt to use the first entry found for each
realm, not every entry, in the keytab.]
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Diffstat (limited to 'utils/gssd/krb5_util.c')
| -rw-r--r-- | utils/gssd/krb5_util.c | 22 |
1 files changed, 6 insertions, 16 deletions
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index cd777e4..f1682b8 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -448,7 +448,7 @@ gssd_have_realm_ple(void *r) /* * Process the given keytab file and create a list of principals we - * might use to perform mount operations. + * might use as machine credentials. * * Returns: * 0 => Sucess @@ -465,9 +465,8 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) /* * Look through each entry in the keytab file and determine - * if we might want to use it later to do a mount. If so, - * save info in the global principal list - * (gssd_k5_kt_princ_list). + * if we might want to use it as machine credentials. If so, + * save info in the global principal list (gssd_k5_kt_princ_list). * Note: (ple == principal list entry) */ if ((code = krb5_kt_start_seq_get(context, kt, &cursor))) { @@ -490,18 +489,9 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) } printerr(2, "Processing keytab entry for principal '%s'\n", pname); -#ifdef HAVE_KRB5 - if ( (kte.principal->data[0].length == GSSD_SERVICE_NAME_LEN) && - (strncmp(kte.principal->data[0].data, GSSD_SERVICE_NAME, - GSSD_SERVICE_NAME_LEN) == 0) && -#else - if ( (strlen(kte.principal->name.name_string.val[0]) == GSSD_SERVICE_NAME_LEN) && - (strncmp(kte.principal->name.name_string.val[0], GSSD_SERVICE_NAME, - GSSD_SERVICE_NAME_LEN) == 0) && - -#endif - (!gssd_have_realm_ple((void *)&kte.principal->realm)) ) { - printerr(2, "We will use this entry (%s)\n", pname); + /* Just use the first keytab entry found for each realm */ + if ((!gssd_have_realm_ple((void *)&kte.principal->realm)) ) { + printerr(2, "We WILL use this entry (%s)\n", pname); ple = malloc(sizeof(struct gssd_k5_kt_princ)); if (ple == NULL) { printerr(0, "ERROR: could not allocate storage " |