[krbdev.mit.edu #8718] krb5_get_credentials incorrectly matches user to user ticket

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8718] krb5_get_credentials incorrectly matches user to user ticket

Greg Hudson via RT-2
It seems like there is no way to instruct krb5_get_credentials not to use a
cached user-to-user ticket for a particular service principal.

When you pass in KRB5_GC_USER_USER, there is care taken to ensure only a
user-to-user ticket is selected. However, the lack of that flag doesn't
prevent a user-to-user ticket from being selected from the cache.

It seems like either:
1) the lack of KRB5_GC_USER_USER should only match standard tickets
2) there should be some other flag introduced to express this desire

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs