Change in behavior for krb5_get_credentials()
Andrew Bartlett
abartlet at samba.org
Tue Apr 26 18:40:19 EDT 2005
On Tue, 2005-04-26 at 18:17 -0400, Jeffrey Hutzelman wrote:
>
> On Tuesday, April 26, 2005 05:57:28 PM -0400 Sam Hartman <hartmans at mit.edu>
> wrote:
>
> > 1) Jeff's change.
> >
> > 2) Free the credentials on store error and return failure. Add a flag
> > saying that we are prepared to accept credentials on error and use
> > that in GSSAPI.
> >
> > 3) Jeff's change plus an flag saying you want store errors. Clearly
> > document whether you get credentials on store errors. (I vote no)
>
>
> I vote for option (1).
While Samba is unlikely to run against the mslsa krb5 ccache any time
soon, I think (1) sounds sane, otherwise (3). In the (3) case, I don't
mind the idea that the function NULLs out the credentials at the start,
and the app can check that for something to free, but whatever happens,
document it...
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050427/d7bd80b6/attachment.bin
More information about the krbdev
mailing list