krb5 commit: Implement cccol iterators for mslsa
Kevin Wasserman
krwasserman at hotmail.com
Mon Jul 16 10:26:56 EDT 2012
The goal is for the ticket manager to be able to have
both MSLSA and CCAPI ccaches accessible and be able
to specify either type as the 'default' ccache. I originally
had 'switch_to' call krb5int_cc_user_set_default_name()
to allow that, but we decided that is not a good idea,
so the ticket manager now calls it explicitly, so probably
the stub is no longer necessary. I think it is harmless in
the sense that it doesn't actually change the behavior of
kinit-ing to the mslsa ccache, though I agree it is
misleading in that it produces the expectation that you
might be able to have more than one functional mslsa
ccache. After I verify it doesn't cause any problems,
I'll remove it.
-Kevin
-----Original Message-----
From: Greg Hudson
Sent: Monday, July 16, 2012 9:57 AM
To: krbdev at MIT.EDU
Subject: Re: krb5 commit: Implement cccol iterators for mslsa
On 07/16/2012 09:33 AM, Sam Hartman wrote:
> Author: Kevin Wasserman <kevin.wasserman at painless-security.com>
[...]
> Implement cccol iterators for mslsa
>
> Also implement switch_to stub
What's the motivation for adding a switch_to stub?
If switch_to is implemented, kinit will use krb5_cc_new_unique and
krb5_cc_switch_to when getting tickets for a principal other than the
one currently in the cache. I don't think that will work for the mslsa
type.
_______________________________________________
krbdev mailing list krbdev at mit.edu
https://mailman-mit-edu.ezproxyberklee.flo.org/mailman/listinfo/krbdev
More information about the krbdev
mailing list