[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: API differences between Heimdal and MIT



On Thu, Feb 02, 2006 at 04:17:53PM +0200, Juha Jäykkä wrote:

> The problem lies in the behaviour of krb5_kuserok(). MIT returns TRUE, if
> .k5login cannot be accessed, Heimdal returns FALSE. In my opinion, MIT's
> behaviour is correct and Heimdal's is not. My reasoning, in short, is that
> since they both check that the user is trying to log in as oneself (and
> return false if this is not the case) if .k5login cannot be accessed.
> What's the point in checking this if false is returned nevertheless?

Please do not use misleading subjects. This is a behavior difference,
not an API difference. An API difference would be if krb5_userok()
accepted a different number of arguments in MIT and Heimdal, for
example.

Otherwise, I'm using libpam-heimdal and I have no problem with .k5login
being missing.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------