krb5_gss_acquire_cred() vs multiple credential caches

Jeffrey Altman jaltman at
Mon Feb 12 12:57:02 EST 2007

Alexandra Ellwood wrote:
> I'm talking about the output_cred_handle returned by
> krb5_gss_acquire_cred().  I will continue to assert that the
> krb5_context should not be relevant in this case because the ccache
> should be passed around in the output_cred_handle.  If the code falls
> back to looking at the krb5_context then something has already gone
> wrong.
That will be true for a single output cred.  However, if the mech glue
is calling krb5_gss_acquire_cred() multiple times, then there will be
multiple output creds.  For each output cred there will be a ccache set.
> Also note that I'm not disputing the existence of the bug.  I believe
> I've seen it at least once before but didn't have time to track it
> down and then couldn't reproduce it later.
When calling GSS from SSH I'm seeing multiple calls to
acquire_init_cred().   Let me see if I can narrow down where they are
all coming from.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list