use_conf_ktypes
Mike Patnode
mike.patnode at centrify.com
Thu Aug 14 13:33:00 EDT 2008
Can someone explain the thinking behind use_conf_ktypes? I'm trying to
eliminate the repeated parsing of krb5.conf on every ticket request by
configuring my context appropriately, and found the code doesn't want me
to do that. Here from init_ctx.c: krb5_get_tgs_ktypes()
if (context->use_conf_ktypes)
/* This one is set *only* by reading the config file; it's not
set by the application. */
return(get_profile_etype_list(context, ktypes,
"default_tgs_enctypes",
0, NULL));
else
return(get_profile_etype_list(context, ktypes,
"default_tgs_enctypes",
context->tgs_ktype_count,
context->tgs_ktypes));
Then in krb5_fwd_tgt_creds():
/* fetch tgt directly from cache */
context->use_conf_ktypes = 1;
retval = krb5_cc_retrieve_cred (context, cc,
KRB5_TC_SUPPORTED_KTYPES,
&creds, &tgt);
context->use_conf_ktypes = old_use_conf_ktypes;
Why in this case is it necessary to ignore the application's supported
encryption type list?
More information about the krbdev
mailing list