[krbdev.mit.edu #8156] Create anonymous memory ccache in gss_acquire_cred_from

Simo Sorce via RT rt-comment at krbdev.mit.edu
Thu Mar 19 09:51:20 EDT 2015


When we implemented gss_acquire_cred_from() we did not set the rules of
where to store acquired credentials if no ccache item is provided by the
caller.
Because of the way the code is structured this resulted in the
credentials being stored into the default user ccache.
This is undesirable as a failure to set an explicit ccache in the
configuration passed to the function risks overriding the credentials
being used by the user of the program.
If no 'ccache' element is passed in the function an anonymous MEMORY
credential should be generated instead.
gss_store_cred_into() can then be used should the program decide to
store such credentials in some permanent credential cache.

These emails to kitten give some background on why this is important:
http://www.ietf.org/mail-archive/web/kitten/current/msg05439.html
http://www.ietf.org/mail-archive/web/kitten/current/msg05440.html
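
A caller-side guard for the behaviour described in this report, as an added example (not code from the ticket or from MIT krb5): it makes sure the credential store handed to gss_acquire_cred_from() always carries a 'ccache' element, so acquired credentials cannot land in the user's default ccache. The kv_elem/kv_set types, pin_ccache(), demo_ccache(), the MEMORY name pattern and the keytab path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Local mirrors (assumption) of the store types in <gssapi/gssapi_ext.h>. */
typedef struct { const char *key; const char *value; } kv_elem;
typedef struct { unsigned int count; kv_elem *elements; } kv_set;

/* Return the value stored under `key`, or NULL when it is absent. */
static const char *kv_find(const kv_set *s, const char *key)
{
    for (unsigned int i = 0; s != NULL && i < s->count; i++)
        if (s->elements[i].key && strcmp(s->elements[i].key, key) == 0)
            return s->elements[i].value;
    return NULL;
}

/* Hypothetical helper: copy `in` into `out` (backed by buf[cap]) and, if it
 * has no 'ccache' element, append a private MEMORY ccache named from `tag`.
 * Returns 1 if one was added, 0 if not needed, -1 if a buffer is too small. */
static int pin_ccache(const kv_set *in, kv_set *out, kv_elem *buf,
                      unsigned int cap, char *name, size_t len, unsigned long tag)
{
    unsigned int n = in ? in->count : 0;
    int need = kv_find(in, "ccache") == NULL;
    if (n + (unsigned int)need > cap)
        return -1;
    for (unsigned int i = 0; i < n; i++)
        buf[i] = in->elements[i];
    if (need) {
        int w = snprintf(name, len, "MEMORY:acquire_%lu", tag);
        if (w < 0 || (size_t)w >= len)
            return -1;
        buf[n++] = (kv_elem){ "ccache", name };
    }
    *out = (kv_set){ n, buf };
    return need;
}

/* Constructed sample store; returns the ccache an acquire call would get. */
static const char *demo_ccache(int with_ccache)
{
    static char name[64];
    static kv_elem buf[3];
    kv_elem in_e[2] = { { "client_keytab", "FILE:/etc/example.keytab" },
                        { "ccache", "MEMORY:svc" } };
    kv_set in = { with_ccache ? 2u : 1u, in_e }, out;
    return pin_ccache(&in, &out, buf, 3, name, sizeof name, 42) < 0
               ? NULL : kv_find(&out, "ccache");
}
int main(void) { printf("%s\n%s\n", demo_ccache(0), demo_ccache(1)); return 0; }
```

In a real program the tag would be something unique per acquisition (a counter or the process id), and gss_store_cred_into() is still the way to persist the result deliberately.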

