[krbdev.mit.edu #8909] git commit

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8909] git commit

Greg Hudson via RT

Fri May 29 13:21:52 2020: Request 8909 was acted upon.
 Transaction: Ticket created by [hidden email]
       Queue: krb5
     Subject: git commit
       Owner: [hidden email]
  Requestors:
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8909 >



Return GSS_S_NO_CRED from krb5 gss_acquire_cred

Earlier versions of the GSS-API spec (RFCs 1508 and 2078) do not list
GSS_S_NO_CRED as a valid error code for gss_acquire_cred.  As a
result, the OpenVision developers of the GSSAPI krb5 mech created
GSS_S_CRED_UNAVAIL as an alias for GSS_S_FAILURE and returned it when
no valid credentials could be obtained.  RFC 2743 lists GSS_S_NO_CRED
as the proper return code when matching credentials cannot be
accessed.  Change the krb5 gss_acquire_cred() implementation to return
GSS_S_NO_CRED where it currently returns GSS_S_CRED_UNAVAIL.

Also stop using GSS_S_CRED_UNAVAIL in the krb5 gss_store_cred(), but
change it to explicitly use GSS_S_FAILURE instead.  RFC 5588 specifies
GSS_S_NO_CRED as indicating a problem with input_cred_handle, not the
receiving store, so GSS_S_NO_CRED would be inappropriate.

https://github.com/krb5/krb5/commit/eb8d2ced232e60613b461b4410f6fff3800467ab
Author: Greg Hudson <[hidden email]>
Commit: eb8d2ced232e60613b461b4410f6fff3800467ab
Branch: master
 src/lib/gssapi/krb5/acquire_cred.c |   16 ++++++++--------
 src/lib/gssapi/krb5/store_cred.c   |    4 ++--
 src/tests/gssapi/t_add_cred.c      |    2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs