krb5_get_in_tkt_with_keytab no longer honors creds.endtime?
tlyu at MIT.EDU
Mon Apr 5 13:26:58 EDT 2004
>>>>> "john" == John Hascall <john at iastate.edu> writes:
john> Somewhere between 1.2.6 and krb5-1.3.2-beta3
john> krb5_get_in_tkt_with_keytab() seems to have
john> changed so that setting creds.endtime (as
john> documented) has no effect of the life of
john> the credentials acquired.
krb5_get_in_tkt_with_keytab() (also krb5_get_in_tkt_with_password())
was reimplemented in terms of krb5_get_init_creds() around the time of
the 1.3 release. There may be a bug in these wrappers. In any case,
I think we're trying to move away from the krb5_get_in_tkt_*() APIs in
favor of the krb5_get_init_creds() APIs.
More information about the krbdev