[krbdev.mit.edu #8555] gss_krb5_ccache_name has no effect
Jesper Alf via RT
rt-comment at krbdev.mit.edu
Tue Feb 28 17:55:14 EST 2017
We've noticed in our application that calling gss_krb5_ccache_name seems to
have no effect. Even after calling that, gss functions still end up using
the ccache set in the environment via KRB5CCNAME, and not the one we set
with gss_krb5_ccache_name
After spending a bit of time trying to trace the problem, it looks like the
issue is with the function
kg_sync_ccache_name in src/lib/gssapi/krb5/gssapi_krb5.c:
OM_uint32
> kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status)
> {
> OM_uint32 err = 0;
>
> /*
> * Sync up the context ccache name with the GSSAPI ccache name.
> * If kg_ccache_name is NULL -- normal unless someone has called
> * gss_krb5_ccache_name() -- then the system default ccache will
> * be picked up and used by resetting the context default ccache.
> * This is needed for platforms which support multiple ccaches.
> */
>
> if (!err) {
> /* if NULL, resets the context default ccache */
> err = krb5_cc_set_default_name(context,
> (char *)
> k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME));
> }
>
> *minor_status = err;
> return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
> }
>
The function never sets err, which means it never calls
krb5_cc_set_default_name. I'm not too familiar with the krb5 code, but this
looks like a bug to me.
Kind regards,
/ Jesper
--
Jesper Alf Dam | karoshealth
Software Developer
M: +45 26 15 12 35
Krumtappen 4, 3rd floor
DK-2500 Valby, Denmark
www.karoshealth.com
More information about the krb5-bugs
mailing list