>>>>> "Douglas" == Douglas E Engert <[EMAIL PROTECTED]> writes:
Douglas> The patch was added to let krb5_rd_req use any entry in
Douglas> the keytab, even if a desired_name was passed, check only
Douglas> the service and host. This is consistent with the
Douglas> gss_import_name which only allows the application to
Douglas> specify the service and host and not the realm, therefore
Douglas> don't assume the realm.
We believe that patch would break the intended functioning of the API.
We believe that current MIT Kerberos should accept any principal in the keytab
if no acceptor name is passed into gss_accept_sec_context.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
