gss_acquire_cred with GSS_C_BOTH usage option

Nathan Huff Nathan.Huff at
Thu Sep 29 10:46:46 EDT 2005

On Wed, Sep 28, 2005 at 05:57:34PM -0400, Sam Hartman wrote:
> I see your point and I agree the Heimdal behavior is useful in the
> case you describe.
> However it seems to violate the principle of least surprise.  If I
> change my application to start requesting initiator credentials
> instead of both credentials then initiator credentials can stop
> working if I don't have a current cache.
Actually with Heimdal's code I don't think it will since it tries to
fall back to the keytab whether you ask for initiator creds or for 
both.  The application should still behave the same.   
> I'm not sure how to resolve these requirements.
> --Sam

Nathan Huff                            Nathan.Huff at
Information Technology Services        (701) 231-6145 (Voice)
Room 242H, IACC Building
North Dakota State University, Fargo, ND 58105-5164

More information about the krbdev mailing list