[krbdev.mit.edu #7046] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Dec 7 14:38:14 EST 2011
The initial implementation of client-side S4U2Proxy support did not
allow delegated proxy credentials to be stored (gss_store_cred would
error out, and gss_krb5_copy_ccache would generate a non-working
cache). To make this work, we save the impersonator name in a cache
config variable and in a cred structure field (replacing the
proxy_cred flag), and make the default principal of the proxy cache
the subject principal as the caller would expect for a regular
delegated cred.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25529
Commit By: ghudson
Revision: 25529
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/lib/gssapi/krb5/acquire_cred.c
U trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
U trunk/src/lib/gssapi/krb5/init_sec_context.c
U trunk/src/lib/gssapi/krb5/rel_cred.c
U trunk/src/lib/gssapi/krb5/s4u_gss_glue.c
U trunk/src/lib/gssapi/krb5/store_cred.c
U trunk/src/lib/gssapi/krb5/val_cred.c
More information about the krb5-bugs
mailing list