Love Hörnquist Åstrand
Fri, 09 Feb 2007 08:09:23 -0800
Shouldn't all inputs that change the default name affect the "probe function"? Right now that is KRB5CCNAME and uid of the process.

Not if KRB5CCNAME is allowed to change at runtime. Consider a single threaded server that authenticates a client and calls setenv("KRB5CCNAME=deleg/ccache1") and then calls gss_init_sec_context to authenticate with a second server. That will trigger context->default_cc_name to be set. Then a second client is authenticated and calls setenv("KRB5CCNAME=deleg/ccache2"). Again gss_init_sec_context is called but now context->default_cc_name will *not* be set and the *wrong* ccache file will be used.

So I think I didn't manage to express myself clearly enough. So I was arguing that changing the uid should also trigger a default cc name change in addition to detecting KRB5CCNAME changes.

change_to_uid(first-user)
init_sec_context
change_to_uid(other-user)
init_sec_context

Love
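
An added sketch of the probe discussed in this message, not part of the original mail and not Heimdal's code: a cached default ccache name that is recomputed whenever KRB5CCNAME or the uid differs from what was seen when the cache was filled. The `cc_ctx` struct, the function names and the `FILE:/tmp/krb5cc_<uid>` fallback format are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical context for illustration; not Heimdal's krb5_context. */
struct cc_ctx {
    char *default_cc_name;  /* cached result */
    char *probe_env;        /* KRB5CCNAME value seen when the cache was filled */
    uid_t probe_uid;        /* uid seen when the cache was filled */
};

/* Probe: has any input that determines the default name changed? */
static int cc_inputs_changed(const struct cc_ctx *c, const char *env, uid_t uid)
{
    if (c->default_cc_name == NULL)
        return 1;                       /* nothing cached yet */
    if (uid != c->probe_uid)
        return 1;                       /* process switched user */
    if ((env == NULL) != (c->probe_env == NULL))
        return 1;                       /* variable was set or unset */
    return env != NULL && strcmp(env, c->probe_env) != 0;
}

/* Returns the default ccache name, recomputing it when the probe fires.
 * uid is a parameter: a caller would pass geteuid(), a test can vary it. */
const char *cc_default_name(struct cc_ctx *c, uid_t uid)
{
    const char *env = getenv("KRB5CCNAME");
    char buf[64];

    if (!cc_inputs_changed(c, env, uid))
        return c->default_cc_name;

    free(c->default_cc_name);
    free(c->probe_env);
    c->probe_env = env ? strdup(env) : NULL;
    c->probe_uid = uid;
    if (env != NULL) {
        c->default_cc_name = strdup(env);
    } else {
        /* Assumed fallback format, per-uid file cache. */
        snprintf(buf, sizeof(buf), "FILE:/tmp/krb5cc_%lu", (unsigned long)uid);
        c->default_cc_name = strdup(buf);
    }
    return c->default_cc_name;          /* NULL if allocation failed */
}
```

Without the uid comparison, the second `init_sec_context` in the sequence above would reuse the first user's cached name when KRB5CCNAME is unset.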