[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OPENLDAP_REL_ENG_2 -> 2.0.8



> From:    "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> To:      wes@umich.edu

> At 03:27 PM 3/26/01 -0500, wes@umich.edu wrote:
> >Got it.  I support removing the TGT generation stuff.  It's dead wrong.  In
> >our deployment, it's already removed.
> 
> Feel free to integrate your (generally useful) changes...

Well, the following patch is what we're doing.  It makes valid_tgt()
always return true.  This has the effect of causing kinit() to never be
called.  If the issue is that ud won't compile against some flavors of
kerberos, it's probably necessary to actually remove the offending
code, which is (slightly) more work.

:wes

*** openldap-1.2.11/clients/ud/auth.c	Tue Mar  2 13:30:03 1999
--- openldap-1.2.11um5/clients/ud/auth.c	Mon Jun 12 16:05:31 2000
***************
*** 310,315 ****
--- 317,324 ----
  	char		name[ ANAME_SZ ], inst[ INST_SZ ], realm[ REALM_SZ ];
  	CREDENTIALS	cred;
  
+ 	return( 1 );
+ 
  	for ( i = 0; names[i] != NULL; i++ ) {
  		if ( kname_parse( name, inst, realm, names[i] ) != KSUCCESS ) {
  			fprintf( stderr, "Bad format for krbName %s\n",