[krbdev.mit.edu #5802] AutoReply: libgssapi mechglue doesn't always store delegated credentials
nalin@redhat.com via RT
rt-comment at krbdev.mit.edu
Wed Oct 3 08:24:39 EDT 2007
On Tue, Oct 02, 2007 at 06:18:05PM -0400, Tom Yu via RT wrote:
> Is the application passing in non-null deleg_cred_handle but null
> ret_flags?
It was (mod_auth_kerb).
> I would suspect that the right thing to do is to actually
> have accept_sec_context() fill in the cred handle but skip storing the
> flags.
>
> For these reasons I think the first patch is probably right.
Makes sense. I was figuring that a null ret_flags might be taken as a
hint that the calling application wouldn't "know" that it needed to
dispose of delegated credentials, so we'd be leaking memory in some
cases, but I can believe that that's a problem with the application.
Thanks,
Nalin
More information about the krb5-bugs
mailing list