Thread-safe libraries

Ken Hornstein kenh at cmf.nrl.navy.mil
Wed Feb 25 15:21:56 EST 2004


>I think that's false.  I believe that krb5_rd_req will end up setting
>up a rcache later.

I think Cesar is right, actually.  krb5_rd_req will only set up a replay
cache if you pass in the "server" argument, which is set from creds->princ,
which is NULL if you call the gss function with GSS_C_NO_CREDENTIAL.

I believe this is why raw Kerberos apps (like telnetd) explicitly set up
a replay cache; those apps generally will accept any principal on a host.

--Ken


More information about the Kerberos mailing list