Thread-safe libraries
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Feb 25 16:06:53 EST 2004
>According to strace ...
>
>1.2.8 app server with named credential - opens an rcache.
>1.3.1 app server with no credential - no evidence of rcache being
>opened.
Hm, regarding my previous note ....
It looks like I was wrong; krb5_rd_req() will get a replay cache even if
the passed-in server is NULL, because it gets the server name from the
ticket.
>wrt to krb5_rd_req - it looks like rcache is obtained only if
>auth_context_flags includes KRB5_AUTH_CONTEXT_DO_TIME.
>
>accept_sec_context clearly sets auth_context with
>KRB5_AUTH_CONTEXT_DO_SEQUENCE.
Looks like the right thing to do here is change accept_sec_context() to
set KRB5_AUTH_CONTEXT_DO_SEQUENCE.
--Ken