[krbdev.mit.edu #8332] git commit
Greg Hudson via RT
rt at krbdev.mit.edu
Fri Dec 18 15:55:10 EST 2020
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8332 >
Add support for start_realm cache config
When making TGS requests, if start_realm is set in the cache, use the
named realm to look up the initial TGT for referral or cross-realm
requests. (Also correct a comment in struct _tkt_creds_context: the
ccache field is an owner pointer, not an alias.)
Add an internal API k5_cc_store_primary_cred(), which sets start_realm
if the cred being stored is a TGT for a realm other than the client
realm. Use this API when acquiring initial tickets with a
caller-specified output ccache, when renewing or validating tickets
with kinit, when accepting a delegated credential in a GSS context,
and when storing a single cred with kvno --out-cache.
https://github.com/krb5/krb5/commit/0d56740ab9fcc40dc7f46c6fbebdf8f1214f9d96
Author: Greg Hudson <ghudson at mit.edu>
Commit: 0d56740ab9fcc40dc7f46c6fbebdf8f1214f9d96
Branch: master
doc/formats/ccache_file_format.rst | 6 ++++++
src/clients/kinit/kinit.c | 2 +-
src/clients/kvno/kvno.c | 5 ++++-
src/include/k5-int.h | 4 ++++
src/lib/gssapi/krb5/accept_sec_context.c | 2 +-
src/lib/krb5/ccache/ccfns.c | 20 ++++++++++++++++++++
src/lib/krb5/krb/get_creds.c | 28 +++++++++++++++++++++-------
src/lib/krb5/krb/get_in_tkt.c | 2 +-
src/lib/krb5/libkrb5.exports | 1 +
src/lib/krb5_32.def | 3 +++
src/tests/t_crossrealm.py | 8 ++++++++
src/tests/t_pkinit.py | 3 +++
12 files changed, 73 insertions(+), 11 deletions(-)
More information about the krb5-bugs
mailing list