gss_acquire_cred with GSS_C_BOTH usage option
Nathan Huff
Nathan.Huff at ndsu.edu
Thu Sep 29 10:46:46 EDT 2005
On Wed, Sep 28, 2005 at 05:57:34PM -0400, Sam Hartman wrote:
> I see your point and I agree the Heimdal behavior is useful in the
> case you describe.
>
> However it seems to violate the principle of least surprise. If I
> change my application to start requesting initiator credentials
> instead of both credentials then initiator credentials can stop
> working if I don't have a current cache.
>
Actually with Heimdal's code I don't think it will since it tries to
fall back to the keytab whether you ask for initiator creds or for
both. The application should still behave the same.
> I'm not sure how to resolve these requirements.
>
> --Sam
>
--
Nathan Huff Nathan.Huff at ndsu.edu
Information Technology Services (701) 231-6145 (Voice)
Room 242H, IACC Building
North Dakota State University, Fargo, ND 58105-5164
More information about the krbdev
mailing list