[Patches] avoid krb5_ccache ccselect magic (bug #12480)
Simo
simo at samba.org
Fri Dec 30 01:06:09 UTC 2016
On Fri, 2016-12-30 at 02:00 +0100, Stefan Metzmacher wrote:
> Am 30.12.2016 um 01:56 schrieb Simo:
> > On Thu, 2016-12-29 at 22:14 +0100, Stefan Metzmacher wrote:
> > > Hi,
> > >
> > > here're my patches for https://bugzilla.samba.org/show_bug.cgi?id
> > > =124
> > > 80.
> > >
> > > Using gss_acquire_cred() (of MIT krb5) followed by
> > > gss_init_sec_context() will
> > > randomly choose any credential cache (from a global list) that
> > > matches the realm of target principal.
> > >
> > > Have a look at the commit messages or the bug for more details...
> > >
> > > Please review and push:-)
> > >
> > > Thanks!
> > > metze
> >
> > FYI: MIT recommends you use gss_acquire_cred_from instead of
> > gss_krb5_import_cred where/when possible, and I agree with them[*],
> > the
> > semantics of gss_acquire_cred_from() are cleaner.
>
> I know but at least for the client side it should call the same
> internal acquire_cred_context() function with the same arguments.
> gss_acquire_cred_from() is not as portable as gss_krb5_import_cred(),
> and I'd like to avoid #ifdef usage if possible. That may change
> if we try to use gss_acquire_cred_from() for the server sode later.
>
> For now I simply would like to fix the bug.
OK.
Simo.
More information about the samba-technical
mailing list