OpenAFS CVS Commit: openafs/src/WINNT/afsd by jaltman

cvs@GRAND.CENTRAL.ORG cvs@GRAND.CENTRAL.ORG
Sat, 29 Mar 2008 23:30:54 EDT


Update of /cvs/openafs/src/WINNT/afsd
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-head/src/WINNT/afsd

Modified Files:
	afskfw.c 
Log Message:
DELTA windows-use-client-realm-for-tokens-20080329
AUTHOR jaltman@secure-endpoints.com
LICENSE MIT

Two recent changes to the AFS/Kerberos landscape have been causing 
problems for aklog and related modules.  First, the support for multiple
local realms for the cell has broken the pts auto-registration code
when the realm used for the token acquisition does not match the 
realm belonging to the selected vldb server.  Second, Kerberos referrals
prevents detection of the realm of the vldb server.  

This commit adds a new method of searching for the afs service principal.
The first attempt is for afs/<cell>@<CLIENT-REALM>.  If found, the 
<CLIENT-REALM> is used as the realm of the cell.

The patch adds error handling for KRB5_ERR_HOST_REALM_UNKNOWN which is
returned when krb5_get_host_realm() can't determine the realm.

Duplicate queries are also avoided and copy_realm_of_ticket() is 
properly employed.



--- DELTA config follows ---
windows-use-client-realm-for-tokens-20080329 openafs/src/WINNT/afsd/afskfw.c 1.44 1.45