krb5_get_in_tkt_with_keytab no longer honors creds.endtime?

Sam Hartman hartmans at MIT.EDU
Mon Apr 5 16:16:17 EDT 2004

>>>>> "John" == John Hascall <john at> writes:

    >> >>>>> "John" == John Hascall <john at> writes:
    John> Somewhere between 1.2.6 and krb5-1.3.2-beta3
    John> krb5_get_in_tkt_with_keytab() seems to have changed so that
    John> setting creds.endtime (as documented) has no effect of the
    John> life of the credentials acquired.
    John> Is this a new "feature"?  (it is quite annoying)
    John> It seems to me like, after krb5_get_in_tkt_with_keytab()
    John> calls krb5int_populate_gic_opt() it ought to do something
    John> like this:
    >>  Wouldn't it be better to pass creds into
    >> krb5int_populate_gic_opt and do the work there?

    John>     That seems reasonable (I am assuming
    John> krb5int_populate_gic_opt isn't called a million places), but
    John> Tom Yu's message suggests it might be deprecated...

It certainly is deprecated but that doesn't mean it has to be broken;)

More information about the krbdev mailing list