krb5_get_in_tkt_with_keytab no longer honors creds.endtime?
John Hascall
john at iastate.edu
Mon Apr 5 15:44:57 EDT 2004
> >>>>> "John" == John Hascall <john at iastate.edu> writes:
> John> Somewhere between 1.2.6 and krb5-1.3.2-beta3
> John> krb5_get_in_tkt_with_keytab() seems to have changed so that
> John> setting creds.endtime (as documented) has no effect of the
> John> life of the credentials acquired.
>
> John> Is this a new "feature"? (it is quite annoying)
>
> John> It seems to me like, after krb5_get_in_tkt_with_keytab()
> John> calls krb5int_populate_gic_opt() it ought to do something
> John> like this:
>
> Wouldn't it be better to pass creds into krb5int_populate_gic_opt and
> do the work there?
That seems reasonable (I am assuming krb5int_populate_gic_opt isn't
called a million places), but Tom Yu's message suggests it might be
deprecated...
>
> I'd certainly be happy to evaluate a patch that did this for 1.4 or
> 1.3.4 if that ever happens.
OK.
John
More information about the krbdev
mailing list