krb5_get_in_tkt_with_keytab no longer honors creds.endtime?

Tom Yu tlyu at MIT.EDU
Mon Apr 5 13:26:58 EDT 2004

>>>>> "john" == John Hascall <john at> writes:

john> Somewhere between 1.2.6 and krb5-1.3.2-beta3
john> krb5_get_in_tkt_with_keytab() seems to have
john> changed so that setting creds.endtime (as
john> documented) has no effect of the life of
john> the credentials acquired.

krb5_get_in_tkt_with_keytab() (also krb5_get_in_tkt_with_password())
was reimplemented in terms of krb5_get_init_creds() around the time of
the 1.3 release.  There may be a bug in these wrappers.  In any case,
I think we're trying to move away from the krb5_get_in_tkt_*() APIs in
favor of the krb5_get_init_creds() APIs.


More information about the krbdev mailing list