[krbdev.mit.edu #4222] GSSAPI context being destroyed when ticket cache renewed
Russ Allbery via RT
rt-comment at krbdev.mit.edu
Wed Sep 6 17:10:25 EDT 2006
Quanah Gibson-Mount via RT <rt-comment at krbdev.mit.edu> writes:
> Sam Hartman via RT <rt-comment at krbdev.mit.edu> wrote:
>> I strongly suspect that the context is ending when it expires and that
>> SASL needs to do a better job of catching this error and reporting a
>> connection problem.
> Just to be clear, the problem happens when the ticket cache is
> refreshed. I.e., the tickets for the existing SASL/GSSAPI connection
> hadn't actually yet expired, just the ticket cache was refreshed with
> new tickets. I can understand why the SASL/GSSAPI context would be
> closed out on *expiration* but I think a refresh shouldn't have this
> effect. ;)
This makes me wonder what in GSS-API is looking at the ticket cache. I
would have thought that once the GSS-API context was established and
authentication was finished, there wouldn't be further need to look at the
Kerberos ticket cache, but apparently that's not correct?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krb5-bugs
mailing list