Change in behavior for krb5_get_credentials()
John Hascall
john at iastate.edu
Tue Apr 26 12:38:49 EDT 2005
> I am writing to request feedback on a change I have committed to the cvs...
> The change I have committed as RT ticket 3029 is to ignore any error codes
> returned by a call to krb5_cc_store_creds() from within the
> krb5_get_credentials()
> call. The purpose of the krb5_get_credentials() call is to obtain a
> valid set of
> credentials. The purpose of the krb5_cc_store_creds() call is to
> optimize the
> behavior for future calls. As I see it, if the credentials are valid
> that is all the
> caller of krb5_get_credentials() should be concerned with. Any KRB5_CC_xxxx
> errors which were received would have to be ignored anyway by the caller.
>
> If anyone sees a reason for treating this otherwise, please let us know.
I have code which this could break.
If krb5_get_credentials() returns success,
I assume (rightly so up until now) that future calls can
specify the KRB5_GC_CACHED option.
May I suggest KRB5_GC_IGNORE_STORE_ERRORS?
John
More information about the krbdev
mailing list