On Fri, 2008-04-04 at 01:49 -0600, Shawn M Emery wrote: > Mark Phalan wrote: ... > > More generally looks like "def_realm" is leaked in this function. > > > def_realm: done. > >> BTW, uses identical code as get master, but > >> that can be handled in a separate bug. > >> > > > > Have you filed it or should I? > > > Please, go ahead.
6692652 def_realm is leaked in kadm5_get_master() ... > >> > kclient.sh: > >> > 46,47,57,193,821,1009,1010,1023,1044,1105,1114,1174,1240,1311,1312 > >> > Message should to to stderr > >> > > >> This fix is doesn't change this behavior, a separate bug should be filed > >> instead. > >> > > > > Want me to file it? > > > Please, go ahead. 6692646 kclient should output errors to stderr ... > >> > kclient.sh: 1439-1451 > >> > uid checks against 0 aren't kosher any more. The user may have > >> > the relevent execution profiles/authorizations/privileges. The > >> > error messages should inform the user what execution > >> > > >> Hmm, not relevant to these changes and this check is still valid as the > >> user that belongs to the "Kerberos Client Management" protocol is given > >> an effective uid of 0. > >> > > > > Ok, I guess I can open a low priority bug on this. > > > Yes, low priority, given the fact that the regex will match either uid > or euid (which the associated profile specifies). 6692648 kclient shouldn't check for a uid of '0' -Mark
