krb5_gss_acquire_cred() vs multiple credential caches
jaltman at secure-endpoints.com
Mon Feb 12 12:57:02 EST 2007
Alexandra Ellwood wrote:
> I'm talking about the output_cred_handle returned by
> krb5_gss_acquire_cred(). I will continue to assert that the
> krb5_context should not be relevant in this case because the ccache
> should be passed around in the output_cred_handle. If the code falls
> back to looking at the krb5_context then something has already gone
That will be true for a single output cred. However, if the mech glue
is calling krb5_gss_acquire_cred() multiple times, then there will be
multiple output creds. For each output cred there will be a ccache set.
> Also note that I'm not disputing the existence of the bug. I believe
> I've seen it at least once before but didn't have time to track it
> down and then couldn't reproduce it later.
When calling GSS from SSH I'm seeing multiple calls to
acquire_init_cred(). Let me see if I can narrow down where they are
all coming from.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070212/2fd75b7f/attachment.bin
More information about the krbdev