-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/29/2011 03:48 AM, Jan Zelený wrote:
Jan Zelený jzeleny@redhat.com wrote:
I'm sending two patches solving selection of appropriate principal for GSSAPI authentication from keytab file.
A part of the first patch is a fix of an error present in the documentation. I did that early in the development phase of the patch and I didn't want to tamper with the finished patch any more. Sorry for this inconsistency.
Jan
This is updated version without the code mixup. Also the documentation update from my patch 007 has been sqashed to this one, so all related changes are in one patch.
Nack.
If the SDAP_SASL_AUTHID has been explicitly set, but the SDAP_SASL_REALM hasn't, why are you overriding SDAP_SASL_AUTHID with select_principal_from_keytab()?
It would be nice to have an optional return value from select_principal_from_keytab() that was the complete string, so that in ldap_child_get_tgt_sync() we can just ask for that instead of the two final_* variables. (The _primary and _realm arguments should also be optional. It should be possible to pass NULL to them and not have the results talloc_strdup()ed into them)
krb_ctx should be initialized to NULL (in case we ever put a 'goto done' before krb5_init_context())
As mentioned in other recent reviews, instead of parsing on @, please use krb5_unparse_name_flags() and krb5_principal_get_realm() to return the primary and realm components.
And as mentioned above, it would be nice to be able to return principal_string directly if requested.
In the documentation: s/canvenient/convenient
"Priority of chosen principal is this:" should be "Priority of the chosen principal is as follows:"
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/