oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Try afs/cell@REALM before afs@REALM since that is what OpenAFS folks

Browse Source 
have been saying is best pratices for some time now.

Patch from Derrick Brashear.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23373 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-07-17 20:42:42 +00:00
parent 97aa9055da
commit fbdd3b822d
1 changed files with 10 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/kafs/common.c
View File

@@ -437,17 +437,6 @@ _kafs_get_cred(struct kafs_data *data,
_kafs_foldup(CELL, cell); _kafs_foldup(CELL, cell);
/*
* If cell == realm we don't need no cross-cell authentication.
* Try afs@REALM.
*/
if (strcmp(CELL, realm) == 0) {
ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
"", realm, uid, kt);
if (ret == 0) return 0;
/* Try afs.cell@REALM below. */
}
/* /*
* If the AFS servers have a file /usr/afs/etc/krb.conf containing * If the AFS servers have a file /usr/afs/etc/krb.conf containing
* REALM we still don't have to resort to cross-cell authentication. * REALM we still don't have to resort to cross-cell authentication.
@@ -457,6 +446,16 @@ _kafs_get_cred(struct kafs_data *data,
cell, realm, uid, kt); cell, realm, uid, kt);
if (ret == 0) return 0; if (ret == 0) return 0;
/*
* If cell == realm we don't need no cross-cell authentication.
* Try afs@REALM.
*/
if (strcmp(CELL, realm) == 0) {
ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
"", realm, uid, kt);
if (ret == 0) return 0;
}
/* /*
* We failed to get ``first class tickets'' for afs, * We failed to get ``first class tickets'' for afs,
* fall back to cross-cell authentication. * fall back to cross-cell authentication.