[3886] in Kerberos-V5-bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[krbdev.mit.edu #1305] Spec considered

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Wed Feb 5 16:31:43 2003

Date: Wed, 5 Feb 2003 16:31:18 -0500 (EST)
Mail-Followup-To: rt@krbdev.mit.edu
Message-Id: <rt-1305-4412.2.77029065396121@krbdev.mit.edu>
In-Reply-To: <rt-1305@krbdev.mit.edu>
From: "Sam Hartman via RT" <rt-comment@krbdev.mit.edu>
Mail-Copies-To: never
To: mjv@mit.edu
cc: krb5-prs@mit.edu
Reply-To: rt-comment@krbdev.mit.edu
Errors-To: krb5-bugs-bounces@mit.edu

Marc Horowitz pointed out that we need to be careful to preserve
behavior mandated by the spec.  I've looked at the spec and I believe
that we can solve this provided that gss_inquire_cred still does
something useful with the default credentials.

I believe for example it would be reasonable to refresh the default
credentials during each init_sec_context and accept_sec_context call.
Provided that the system credentials have not changed, then things
will continue to work.

There are some multi-mechanism issues to consider eventually.

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3886] in Kerberos-V5-bugs

[krbdev.mit.edu #1305] Spec considered

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)Wed Feb 5 16:31:43 2003

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Wed Feb 5 16:31:43 2003