krb5_gss_acquire_cred() vs multiple credential caches
Alexandra Ellwood
lxs at MIT.EDU
Mon Feb 12 12:44:03 EST 2007
On Feb 12, 2007, at 12:07 PM, Jeffrey Altman wrote:
>> It sounds like either output_cred_handle is not being created
>> correctly or is not being passed around properly.
> The problem was occurring within gss_acquire_cred() before the
> output_cred_handle was returned to the caller.
>
> krb5_gss_acquire_cred() is called multiple times within
> gss_acquire_cred() and each time krb5_gss_acquire_cred() was
> allocating
> a new krb5_context and the logic that would have obtained the
> previously
> returned ccache name was failing.
>
> I think we are all in agreement with how this code should behave.
>
I'm talking about the output_cred_handle returned by
krb5_gss_acquire_cred(). I will continue to assert that the
krb5_context should not be relevant in this case because the ccache
should be passed around in the output_cred_handle. If the code falls
back to looking at the krb5_context then something has already gone
wrong.
Also note that I'm not disputing the existence of the bug. I believe
I've seen it at least once before but didn't have time to track it
down and then couldn't reproduce it later.
--lxs
Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>
More information about the krbdev
mailing list