[krbdev.mit.edu #2106] bug in krb5_cc_remove_cred API?
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Tue Jan 6 19:42:45 EST 2004
>>>>> "gsu at UU" == gsu at UU NET via RT <rt-comment at krbdev.mit.edu> writes:
gsu at UU> I noticed that if there are more than one credentials for
gsu at UU> the same server, krb5_get_credentials returns the first
gsu at UU> one found which may be expired. I have to use
gsu at UU> krb5_cc_retrieve_cred with KRB5_TC_MATCH_TIMES option to
gsu at UU> get the good credential and send to the server for
gsu at UU> authentication. Since I have to keep getting new service
gsu at UU> ticket, I thought it would be nice if I can remove all old
gsu at UU> ones.
The logic used by krb5_mk_req in 1.3.x should correctly use only
unexpired credentials. Previous versions of Kerberos did not tend to
do this correctly.
More information about the krb5-bugs
mailing list