Change in behavior for krb5_get_credentials()

Jeffrey Altman jaltman at MIT.EDU
Tue Apr 26 18:32:36 EDT 2005

Ken Raeburn wrote:

> If you return a null pointer or a valid pointer for the credential
> handle, it's easy to check independent of the specific error returned.
> Ken

Unfortunately, we can't even count on this behavior because the existing
interface does not set *out_creds to NULL on failure.   It is the
responsibility of the caller to set *out_creds to NULL before the call.

It is only going to be safe to return credentials on error condition if
the caller sets a flag indicating that they are going to perform the
necessary checks.

Jeffrey Altman

More information about the krbdev mailing list