[krbdev.mit.edu #7707] [Comment] Credential cache API does not support atomic reinitialization
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Thu Sep 5 14:25:47 EDT 2019
https://krbdev.mit.edu/rt/Ticket/Display.html?id=7707
This is a comment. It is not sent to the Requestor(s):
However we do this, it would be good if callers had to go to minimum effort to
atomically refresh creds for a client principal.
One approach is a gic option to atomically store creds obtained by
krb5_get_init_creds_*(), to be used instead of
krb5_get_init_creds_opt_set_out_ccache(). This option could perhaps accept an
optional string argument to name the collection or ccache to refresh, and use
the default cache or collection otherwise.
More information about the krb5-bugs
mailing list