[krbdev.mit.edu #8235] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Aug 19 11:29:05 EDT 2015
Resolve krb5 GSS creds if time_rec is requested
The code normally tries to defer credential acquisition to a later
time. However, if the application requests the lifetime, the code
needs to resolve the credential and return the actual expiration time.
Returning 0 would cause the application to think credentials are
expired.
In the mechglue, pass through null time_rec pointers to the mech so
that the mech knows whether it was requested. In SPNEGO, pass through
time_rec to the mech when acquiring creds, via a new parameter to
get_available_mechs().
[ghudson at mit.edu: minor style changes; edit and expand commit message]
https://github.com/krb5/krb5/commit/50f426ac17a81ff5b7c212c24645b9874ea911f0
Author: Simo Sorce <simo at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 50f426ac17a81ff5b7c212c24645b9874ea911f0
Branch: master
src/lib/gssapi/krb5/acquire_cred.c | 9 ++++++++-
src/lib/gssapi/mechglue/g_acquire_cred.c | 14 +++++++++-----
src/lib/gssapi/spnego/spnego_mech.c | 15 ++++++++-------
3 files changed, 25 insertions(+), 13 deletions(-)
More information about the krb5-bugs
mailing list