mirror of
https://git.freebsd.org/src.git
synced 2026-01-11 19:57:22 +00:00
b0e7b55a0e
PRINC_LOOK_AHEAD is the upstream default. Normally ksu determines the target princiapl by (quoted from the man page) a. default principal of the source cache b. target_user@local_realm c. source_user@local_realm With PRINC_LOOK_AHEAD emabled, for each candidate in the above list, select an authorized principal that has the same realm name and first part of the principal name equal to the prefix of the candidate. For example if candidate a) is jqpublic@ISI.EDU and jqpublic/secure@ISI.EDU is authorized to access the target account then the default principal is set to jqpublic/secure@ISI.EDU. Case 2: source user is root. If the target user is non-root then the default principal name is target_user@local_realm. Else, if the source cache exists the default principal name is set to the default principal of the source cache. If the source cache does not exist, default principal name is set to root\@local_realm. This commit restores the same behaviour as Heimdal ksu. Reported by: Dan Mahoney <dmahoney@isc.org> Requested by: Dan Mahoney <dmahoney@isc.org> MFC after: 3 days MFC to: 15/stable Differential revision: https://reviews.freebsd.org/D52478 |
||
|---|---|---|
| .. | ||
| gss-client | ||
| kadmin | ||
| kdestroy | ||
| kinit | ||
| klist | ||
| kpasswd | ||
| ksu | ||
| kswitch | ||
| ktutil | ||
| kvno | ||
| sclient | ||
| sim_client | ||
| Makefile | ||
| Makefile.inc | ||