krb5_gss_acquire_cred() vs multiple credential caches
Jeffrey Altman
jaltman at secure-endpoints.com
Mon Feb 12 13:51:55 EST 2007
Simon Wilkinson wrote:
>> When calling GSS from SSH I'm seeing multiple calls to
>> acquire_init_cred(). Let me see if I can narrow down where they are all coming from.
>
> If you're using my OpenSSH key exchange code, or a derivative, the code tests each GSSAPI mech before offering it to the other side. These tests will result in multiple calls - the credentials aren't currently cached for use when actually doing the authentication.
>
> Simon.
>
confirmed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070212/8d3fd675/attachment.bin
More information about the krbdev
mailing list