[krbdev.mit.edu #8737] gss_add_cred() ignores desired_name if creating a new credential
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Thu Sep 13 17:22:59 EDT 2018
gss_add_cred() only processes desired_name into an internal name if an
input cred handle is given. There is no reason to apply this
condition, and acquiring a mech cred for the default name instead of
the caller-provided name is clearly the wrong behavior.
Commit 25ee704e83c2c63d4b5ecd12ea31c1979239041e (ticket 7217) altered
the code so that an internal name is generated if a cred store is given
but no input cred handle.
This bug was present in the Solaris mechglue but was fixed in changeset
191d30c3be82 with bug number 6285582.
More information about the krb5-bugs
mailing list