[28602] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.13]: Restore providing password TGTs for the ksu
daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Sep 18 16:48:11 2014
Date: Thu, 18 Sep 2014 16:46:08 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201409182046.s8IKk8rR017153@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/8bfc5060eb3b863a1805efab45749d6e55239e6e
commit 8bfc5060eb3b863a1805efab45749d6e55239e6e
Author: Nalin Dahyabhai <nalin@redhat.com>
Date: Thu Sep 18 08:37:29 2014 -0400
Restore providing password TGTs for the ksu target
The use of "stored" was originally for marking whether or not creds
had been found in the source cache and copied to the target. If it was
false, the obtain-a-TGT-using-a-password path would be triggered and
it would populate the target ccache directly.
When the intermediate cache was introduced (in commit dccc80a), the
variable started marking whether or not creds had been copied to the
intermediate cache, and this was then used to decide whether or not to
copy creds to the target cache.
The obtain-a-TGT-using-a-password path began storing its creds in the
temporary cache as well, but neglected to set the flag so that the
creds would be copied to the target cache later, so the target ccache
would never be created and populated with the newly-obtained TGT.
(cherry picked from commit 005f4eb3ccc1092f4a43afc4d6a4fabfa20b2b41)
ticket: 8016
version_fixed: 1.13
status: resolved
src/clients/ksu/main.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 0492e38..e1a9352 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -485,6 +485,7 @@ main (argc, argv)
fprintf(stderr, "\n");
}
+ stored = TRUE;
}
#endif /* GET_TGT_VIA_PASSWD */
}
@@ -506,6 +507,7 @@ main (argc, argv)
prog_name,target_user,source_user,ontty());
exit(1);
}
+ stored = TRUE;
if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) {
com_err(prog_name, retval, _("When unparsing name"));
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5