gss_acquire_cred with GSS_C_BOTH usage option

Ken Raeburn raeburn at MIT.EDU
Thu Sep 29 07:30:01 EDT 2005

On Sep 28, 2005, at 17:57, Sam Hartman wrote:
> I see your point and I agree the Heimdal behavior is useful in the
> case you describe.

Me too.

> However it seems to violate the principle of least surprise.  If I
> change my application to start requesting initiator credentials
> instead of both credentials then initiator credentials can stop
> working if I don't have a current cache.

Either I'm misunderstanding what you mean, or I'm confused.  It seems  
to me it's only the effect on the initiator side of things (in a  
single exchange) that we're discussing.  Why would "initiator" versus  
"both" make a difference?


More information about the krbdev mailing list