[krbdev.mit.edu #1305] Spec considered

Sam Hartman via RT rt-comment at krbdev.mit.edu
Wed Feb 5 16:31:18 EST 2003



Marc Horowitz pointed out that we need to be careful to preserve
behavior mandated by the spec.  I've looked at the spec and I believe
that we can solve this provided that gss_inquire_cred still does
something useful with the default credentials.

I believe for example it would be reasonable to refresh the default
credentials during each init_sec_context and accept_sec_context call.
Provided that the system credentials have not changed, then things
will continue to work.


There are some multi-mechanism issues to consider eventually.




More information about the krb5-bugs mailing list