[Patches] avoid krb5_ccache ccselect magic (bug #12480)
Stefan Metzmacher
metze at samba.org
Fri Dec 30 01:00:54 UTC 2016
Am 30.12.2016 um 01:56 schrieb Simo:
> On Thu, 2016-12-29 at 22:14 +0100, Stefan Metzmacher wrote:
>> Hi,
>>
>> here're my patches for https://bugzilla.samba.org/show_bug.cgi?id=124
>> 80.
>>
>> Using gss_acquire_cred() (of MIT krb5) followed by
>> gss_init_sec_context() will
>> randomly choose any credential cache (from a global list) that
>> matches the realm of target principal.
>>
>> Have a look at the commit messages or the bug for more details...
>>
>> Please review and push:-)
>>
>> Thanks!
>> metze
>
> FYI: MIT recommends you use gss_acquire_cred_from instead of
> gss_krb5_import_cred where/when possible, and I agree with them[*], the
> semantics of gss_acquire_cred_from() are cleaner.
I know but at least for the client side it should call the same
internal acquire_cred_context() function with the same arguments.
gss_acquire_cred_from() is not as portable as gss_krb5_import_cred(),
and I'd like to avoid #ifdef usage if possible. That may change
if we try to use gss_acquire_cred_from() for the server sode later.
For now I simply would like to fix the bug.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161230/e91995fd/signature.sig>
More information about the samba-technical
mailing list