[krbdev.mit.edu #8372] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Feb 29 16:13:24 EST 2016
Use cached S4U2Proxy tickets in GSSAPI
Ticket #7047 allowed credentials obtain using S4U2Proxy through GSSAPI
to be cached, but doesn't actually use the cached credentials. Modify
get_credentials() to check the cache for the desired client name
first, then to make an S4U2Proxy request if we don't find it.
Test this change by adding code to t_s4u.c to repeat the constrained
delegation request and verify that only three tickets are present in
the cache.
[ghudson at mit.edu: squash commits; commit message rewrite; minor style
edits; changed test code to use gss_store_cred_into() to avoid the
need to pick a principal to initialize the ccache with]
https://github.com/krb5/krb5/commit/f149b9cc1e0f8c6e7cca2ee0a5fd8feff7deaf58
Author: Isaac Boukris <iboukris at gmail.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: f149b9cc1e0f8c6e7cca2ee0a5fd8feff7deaf58
Branch: master
src/lib/gssapi/krb5/init_sec_context.c | 71 ++++++++++++++++---------------
src/tests/gssapi/t_s4u.c | 66 +++++++++++++++++++++++++++++
2 files changed, 103 insertions(+), 34 deletions(-)
More information about the krb5-bugs
mailing list