[krbdev.mit.edu #2620] Don't expire contexts when tickets expire
Douglas E. Engert
deengert at anl.gov
Fri Jul 2 11:59:30 EDT 2004
Sam Hartman via RT wrote:
>
> we have agreed to a customer requirement that context expiration not
> happen when ticket expiration happens.
>
> The tricky part here is to figure out what gss_inquire_context should
> return. I'd really rather make the lifetime advisory but I'm not sure
> that is consistent with the spec.
It may not be consistent, but it is the pratical thing to do.
This should be one of the issues for KITTEN.
I ran into a similiar problem with using Globus with gssklog. The gssklog
uses gss_inquire_context to get the lifetime of the context to determing
the lifetime of the AFS token to issue if no other lifetime is given
this is the only way to test the credentials of the peer. The Globus code
was not testing the credentials correctly. It has since been fixed.
>
> _______________________________________________
> krb5-bugs mailing list
> krb5-bugs at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krb5-bugs
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krb5-bugs
mailing list