Change in behavior for krb5_get_credentials()

John Hascall john at
Tue Apr 26 12:38:49 EDT 2005

> I am writing to request feedback on a change I have committed to the cvs...

> The change I have committed as RT ticket 3029 is to ignore any error codes
> returned by a call to krb5_cc_store_creds() from within the
> krb5_get_credentials()
> call.   The purpose of the krb5_get_credentials() call is to obtain a
> valid set of
> credentials.  The purpose of the krb5_cc_store_creds() call is to
> optimize the
> behavior for future calls.  As I see it, if the credentials are valid
> that is all the
> caller of krb5_get_credentials() should be concerned with.  Any KRB5_CC_xxxx
> errors which were received would have to be ignored anyway by the caller.
> If anyone sees a reason for treating this otherwise, please let us know.

I have code which this could break.
If krb5_get_credentials() returns success,
I assume (rightly so up until now) that future calls can
specify the KRB5_GC_CACHED option.


More information about the krbdev mailing list