Credential cache searching, ccapi and file caches

Sam Hartman hartmans at MIT.EDU
Wed Jul 14 17:29:14 EDT 2004

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> Initiator non-GSS_C_NO_CREDENTIAL credentials acquired
    Nicolas> for GSS_C_NO_NAME should continue to reference whatever
    Nicolas> principal name was determined at credential acquisition
    Nicolas> time.

No, they should not.  I think it is more important to preserve the
behavior that GSS_C_NO_CREDENTIAL passed into gss_init_sec_context
works the same as GSS_C_NO_NAME passed into gss_acquire_credentials
than it is to preserve the behavior that credentials always refer to
the same named principal.

In the default case we're shooting for we won't know what named
credential to use until we know what the target name is.

More information about the krbdev mailing list