[krbdev.mit.edu #8462] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri Jul 22 11:47:00 EDT 2016
Better handle failures to resolve client keytab
In krb5_gss_acquire_cred(), treat failure to resolve the client keytab
similarly to a client keytab which resolves but does not exist or has
no entries. The client keytab could fail to resolve if its name
contains %{username} and the current process is acting on behalf of
the NSS system.
[ghudson at mit.edu: rewrote commit message; changed tracing call to use
a macro; cleared error message when ignoring krb5_kt_client_default()
error; added test case]
https://github.com/krb5/krb5/commit/bd2c2a02e22c609b3c7e9f92d6634e151d14e478
Author: Will Fiveash <will.fiveash at oracle.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: bd2c2a02e22c609b3c7e9f92d6634e151d14e478
Branch: master
src/include/k5-trace.h | 3 +++
src/lib/gssapi/krb5/acquire_cred.c | 23 ++++++++++++++++++++---
src/lib/gssapi/krb5/iakerb.c | 4 +++-
src/tests/gssapi/t_client_keytab.py | 10 ++++++++++
4 files changed, 36 insertions(+), 4 deletions(-)
More information about the krb5-bugs
mailing list