[krbdev.mit.edu #1545] krb_mk_req_creds probably ought not to zero the session key
via RT
rt-comment at krbdev.mit.edu
Sun Jun 1 19:19:43 EDT 2003
Attempting to do something useful with krb_mk_req_creds in 1.3beta2, I
discovered that it zeroed out the session key in the supplied CREDENTIAL
structure. This makes sense for krb_mk_req which never supplies the
CREDENTIAL structure to the user, but is sort of annoying if you were
intending to use the session key later. (Also sort of ungood if you
haven't already stashed the credentials for later.)
I can't come up with a use case where it's really the right thing.
More information about the krb5-bugs
mailing list