Credential cache searching, ccapi and file caches

Nicolas Williams Nicolas.Williams at
Wed Jul 14 18:00:42 EDT 2004

On Wed, Jul 14, 2004 at 05:29:14PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:
>     Nicolas> Initiator non-GSS_C_NO_CREDENTIAL credentials acquired
>     Nicolas> for GSS_C_NO_NAME should continue to reference whatever
>     Nicolas> principal name was determined at credential acquisition
>     Nicolas> time.
> No, they should not.  I think it is more important to preserve the
> behavior that GSS_C_NO_CREDENTIAL passed into gss_init_sec_context
> works the same as GSS_C_NO_NAME passed into gss_acquire_credentials
> than it is to preserve the behavior that credentials always refer to
> the same named principal.

I don't strongly disagree, though I do disagree.  I also see no reason
to discuss this little matter as, I think, you and I agree on the primary
thing, which is that the krb5 API should have a default name/cred
concept akin to the GSS-API's.


More information about the krbdev mailing list