Ticket #8152 gss_acquire_cred_with_password() ignores expired creds

Greg Hudson ghudson at mit.edu
Sun Jun 21 01:55:36 EDT 2015


On 06/20/2015 01:38 PM, Sorin Manolache wrote:
> Thank you for the information. However I didn't get how you intend to
> change the behaviour.

Sorry if the ticket wasn't clear.  As Ben explained, credentials will be
fetched into a unique memory ccache.  The idea is that if you want to
interact with the shared cache, you can use gss_acquire_cred()
beforehand and gss_store_cred() afterwards.  This new behavior matches
the original behavior of the function when it was introduced in Solaris;
I misguidedly changed it when we first introduced the function into MIT
krb5.

> The ticket mentions checking with Heimdal. Here's what I could
> understand from the Heimdal code:

Heimdal is also changing its behavior:


https://github.com/heimdal/heimdal/commit/db2ba88384dbf79cfeda339d9b6f8c1cc9032871

