[krbdev.mit.edu #9179] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Jul 16 21:12:34 EDT 2025
Wed Jul 16 21:12:34 2025: Request 9179 was acted upon.
Transaction: Ticket created by ghudson at mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson at mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9179 >
Avoid large numbers of refresh_time cache entries
Commit 729896467e3c77904666019d6cbbda583ae49b95 amended
kg_cred_time_to_refresh() to attempt a refresh from a client keytab
when creds are close to expiration, even if no refresh_time config
entry is set (as would be the case if the creds were acquired from a
client keytab in the first place). The added conditional sets a
refresh_time config entry, which is unhelpful as it has no
corresponding check for one. kg_cred_time_to_refresh() is called
before can_get_initial_creds(), so we add a config entry on every
acquire_cred call when the creds are expired or close to expired, even
with no accessible keytab. Remove the set_refresh_time() call to
avoid this inefficient behavior.
https://github.com/krb5/krb5/commit/a656a739721868d6b271c73a0e2785de687c3bc5
Author: Greg Hudson <ghudson at mit.edu>
Commit: a656a739721868d6b271c73a0e2785de687c3bc5
Branch: master
src/lib/gssapi/krb5/acquire_cred.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
More information about the krb5-bugs
mailing list