[krbdev.mit.edu #7851] Change in behaviour in the kernel keyring ccache
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri Jan 24 11:43:40 EST 2014
This is an old bug, predating the 1.12 changes.
When we add a cred key to a keyring ccache, we give it a description by
just unparsing creds->server. We don't use the description for
searching, but it does clarify the output of "keyctl show" or similar.
For normal usage, this works fine, but in any kind of exotic usage it
results in credentials overwriting each other when they only match on the
server name and not other factors such as client name or requested
authdata.
More information about the krb5-bugs
mailing list