Credential cache searching, ccapi and file caches
Nicolas.Williams at sun.com
Wed Jul 14 18:00:42 EDT 2004
On Wed, Jul 14, 2004 at 05:29:14PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> Nicolas> Initiator non-GSS_C_NO_CREDENTIAL credentials acquired
> Nicolas> for GSS_C_NO_NAME should continue to reference whatever
> Nicolas> principal name was determined at credential acquisition
> Nicolas> time.
> No, they should not. I think it is more important to preserve the
> behavior that GSS_C_NO_CREDENTIAL passed into gss_init_sec_context
> works the same as GSS_C_NO_NAME passed into gss_acquire_credentials
> than it is to preserve the behavior that credentials always refer to
> the same named principal.
I don't strongly disagree, though I do disagree. I also see no reason
to discuss this little matter as, I think, you and I agree on the primary
thing, which is that the krb5 API should have a default name/cred
concept akin to the GSS-API's.
More information about the krbdev