svn rev #20009: branches/krb5-1-6/ src/windows/identity/plugins/krb5/

tlyu@MIT.EDU tlyu at MIT.EDU
Fri Sep 28 20:02:44 EDT 2007 

Commit By: tlyu
Log Message: 
ticket: 5703
version_fixed: 1.6.3

pull up r19897 from trunk

 r19897 at cathode-dark-space:  jaltman | 2007-08-29 18:38:26 -0400
 ticket: new
 subject: NIM file ccache support improvements
 component: windows
 
 NIM supports the ability of the user to specify an
 explicit ccache name for use with an identity.  If
 this ccache is a FILE ccache, we need to be able to 
 store credentials into the ccache.  krb5cred.dll 
 did not previously specify the KRB5_TC_OPENCLOSE flag
 on the ccache when setting other flags such as 
 KRB5_TC_NOTICKET (which is used with MSLSA ccaches).
 As a result, open/close mode was turned off, the 
 ccache file would be opened in read-only mode and 
 attempts to store credentials into the ccache would
 fail.  This is fixed by specifying KRB5_TC_OPENCLOSE
 when setting the ccache flags.
 
 When a CCAPI implementation is unavailable, we need
 to automatically generate the FILE ccache name if 
 one has not already been specified.  We default to
 a file stored in the user's Local Settings\Temp 
 directory.  The generated ccache is then added to
 the file ccache watch list.
 
 Finally, some users have complained about the 
 behavior of Microsoft Vista's UAC mode and how
 it makes the CCAPI cache useless for storing
 credentials that must be used in conjunction 
 with processes that do not have restricted 
 privileges since those processes run in a 
 separate logon session.  For these users we 
 have added a "DefaultToFileCache" registry 
 value that can be specified to force the use
 of FILE ccaches in preference to CCAPI ccaches
 when there is no explicit ccache specified 
 for a given identity.  Unlike CCAPI ccaches,
 the FILE ccaches are accessible from both 
 restricted and unrestricted processes when
 UAC is active.




Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/windows/identity/plugins/krb5/krb5configid.c
U   branches/krb5-1-6/src/windows/identity/plugins/krb5/krb5funcs.c
U   branches/krb5-1-6/src/windows/identity/plugins/krb5/krb5newcreds.c
U   branches/krb5-1-6/src/windows/identity/plugins/krb5/krbconfig.csv

More information about the cvs-krb5 mailing list