credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case
Simo
simo at samba.org
Sat Mar 4 16:14:53 UTC 2017
On Fri, 2017-03-03 at 14:23 +0200, Alexander Bokovoy wrote:
> > We almost never want to use the default cache!
>
> We do and we do use it in FreeIPA use case for last three years
> without
> any issues.
Just a note on this subthread, you should use the default ccache ... by
default!
Nothing wrong in allowing to pass a non-default ccache, but that should
not be the default behavior.
It breaks expectations from programs using libraries. Programs expect
libraries using kerberos to use the default ccache (by default) which
they presumably initializied with the credentials they want to use or
they expect to use "as is" because the user logged in with their own
kerberos crendetials before running the program.
Simo.
More information about the samba-technical
mailing list