Module Name:	krb5
Committed By:	jaltman
Date:		Fri Dec 19 00:19:21 UTC 2003

Modified Files:
	 krb5/src/lib/krb5/ccache/ChangeLog
		krb5/src/lib/krb5/ccache/cc_mslsa.c
		krb5/src/lib/krb5/ccache/cc_retr.c
Added Files:

Removed Files:


Log Message
ticket: 2049

   * cc_retr.c:  Extract the test to determine if a credential matches
     a requested credential according to the specified fields into
     a private function: krb5int_cc_creds_match_request()

   * cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to
     perform a MS Kerberos LSA ticket request if there is no matching
     credential in the cache.  The MS Kerberos LSA places the following
     restriction on what tickets it will place into the LSA cache:
         tickets obtained by an application request for a specific
         set of kerberos flags or enctype will not be cached.
     Therefore, we first make a request with no flags or enctype in
     the hope that we will be lucky and get the right ones anyway.
     If not, we make the application's request and return that ticket
     if it matches the other criteria.

     Implemented a similar technique for krb5_lcc_store().  Since we
     can not write to the cache, when a store request is made we
     instead perform a ticket request through the lsa for a matching
     credential.  If we receive one, we return success.  Otherwise,
     we return the KRB5_CC_READONLY error.

   With these changes I am now able to operate entirely with the MSLSA
   ccache as the default cache provided the MS LSA credentials are
   for the principal I wish to use.  Obviously, one cannot change
   principals while the MSLSA ccache is the default.


To generate a diff of this commit:
	cvs diff -r5.91 -r5.92 krb5/src/lib/krb5/ccache/ChangeLog
	cvs diff -r5.3 -r5.4 krb5/src/lib/krb5/ccache/cc_mslsa.c
	cvs diff -r5.4 -r5.5 krb5/src/lib/krb5/ccache/cc_retr.c