[krbdev.mit.edu #2106] bug in krb5_cc_remove_cred API?
gsu@UU.NET via RT
rt-comment at krbdev.mit.edu
Tue Jan 6 17:14:37 EST 2004
On Tue, 6 Jan 2004, Sam Hartman via RT wrote:
> gsu> So there is no way that I can remove any expired credential?
>
> Correct, but it is probably not a major problem; expired credentials
> will not be used. If your cache is getting too full, remove all the
> credentials and get a new TGT.
>
I noticed that if there are more than one credentials for the same server,
krb5_get_credentials returns the first one found which may be expired.
I have to use krb5_cc_retrieve_cred with KRB5_TC_MATCH_TIMES option
to get the good credential and send to the server for authentication.
Since I have to keep getting new service ticket, I thought it would be
nice if I can remove all old ones.
Thank you for the info.
More information about the krb5-bugs
mailing list