[11539] in Kerberos-V5-bugs
[krbdev.mit.edu #3206] gss_acquire_cred with GSS_C_BOTH or
daemon@ATHENA.MIT.EDU (mattias.karlsson@sungard.com via R)
Wed May 19 13:50:55 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "mattias.karlsson@sungard.com via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-3206@krbdev.mit.edu>
Message-ID: <rt-3206-32810.13.5944935214616@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #3206'":;"'AdminCc of krbdev.mit.edu Ticket #3206'":;@MIT.EDU
Date: Wed, 19 May 2010 13:50:53 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Hi
I ran into the problem stated below. I can't find any bug number or
status of this issue? Is it solved? The workaround seems quite messy.
Mattias
--//--
Sam Hartman (see below) suggested I report this as a bug. It has been
there
for a long time, and I understand Heimdal does not have this problem.
Synopsis: When a cred cache is not available, and a keytab cred is
available, gss_acquire_cred should obtain an initiator cred cache
based on the keytab cred when GSS_C_BOTH or GSS_C_INITIATE flag is set.
See RFC 1964, June 1996, Section 3
fourth paragraph.
Severity:
Probably not high, because there is
a somewhat kludgy workaround that many of us use:
run a cron or background process that repeatedly generates a
cred cache from a keytab.
(e.g., "kinit -k -t" or API equivilent)
--//--
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
