[krbdev.mit.edu #8545] Use fallback realm in ccache selection
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Feb 1 15:48:25 EST 2017
When we added referral support, we divided the host-to-realm facilities
into authoritative (such as [domain_realm] configuration) and fallback
(such as uppercasing the parent domain). Authoritative results are used
prior to referrals, while fallback results are used only after we try to
get a referral from the local KDC.
ccache selection via krb5_cc_select() cannot make use of referrals
because we haven't yet chosen what ccache to use for the TGS request.
So it probably makes sense to use the fallback realm when selecting the
ccache.
More information about the krb5-bugs
mailing list