jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 23:10:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

STABLE14-aklog-attempt-order-comments-20081029

Browse Source 
LICENSE IPL10

to clarify what gets tried when and why.


(cherry picked from commit 50e1e59a92)
This commit is contained in:
Simon Wilkinson 2008-10-29 19:44:10 +00:00 committed by Derrick Brashear
parent f1f9a119cd
commit 9fa1eeefd5
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/aklog/aklog_main.c
View File

@ -463,7 +463,27 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
retry = 1;
while(retry) {
/* This code tries principals in the following, much debated,
* order:
*
* If the realm is specified on the command line we do
* - afs/cell@COMMAND-LINE-REALM
* - afs@COMMAND-LINE-REALM
*
* Otherwise, we do
* - afs/cell@REALM-FROM-USERS-PRINCIPAL
* - afs/cell@krb5_get_host_realm(db-server)
* Then, if krb5_get_host_realm(db-server) is non-empty
* - afs@ krb5_get_host_realm(db-server)
* Otherwise
* - afs/cell@ upper-case-domain-of-db-server
* - afs@ upper-case-domain-of-db-server
*
* In all cases, the 'afs@' variant is only tried where the
* cell and the realm match case-insensitively.
*/
/* Cell on command line - use that one */
if (realm && realm[0]) {
realm_of_cell = realm;