Sam Hartman hartmans at MIT.EDU
Thu Mar 25 19:15:46 EST 2004

I implemented the change I proposed earlier and went to go test it.  I found the following implementation of krb5_cc_gen_new:

krb5_error_code KRB5_CALLCONV
krb5_cc_gen_new (krb5_context context, krb5_ccache *cache)
    return (*cache)->ops->gen_new(context, cache);

IT seems like gen_new should set up a new ccache.  Certainly the fcc
and mcc implementations do this.

So to use this API correctly, I think I need to:

* call krb5_cc_resolv with a bogus residual part to set of a ccache structure
* save  a copy of that ccache structure
* call krb5_cc_gen_new overwriting the  the original ccache structure
* call krb5_cc_close on my copy of the ccache structure

That seems nonintuitive at the least and completely broken on top.  O
  and since krb5_ccache is opaque, I actually can't even use the API
  without leaking memory.

Perhaps we should rethink.

More information about the krbdev mailing list