Thread-safe libraries
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Feb 25 15:21:56 EST 2004
>I think that's false. I believe that krb5_rd_req will end up setting
>up a rcache later.
I think Cesar is right, actually. krb5_rd_req will only set up a replay
cache if you pass in the "server" argument, which is set from creds->princ,
which is NULL if you call the gss function with GSS_C_NO_CREDENTIAL.
I believe this is why raw Kerberos apps (like telnetd) explicitly set up
a replay cache; those apps generally will accept any principal on a host.
--Ken
More information about the Kerberos
mailing list