>According to strace ... > >1.2.8 app server with named credential - opens an rcache. >1.3.1 app server with no credential - no evidence of rcache being >opened.
Hm, regarding my previous note .... It looks like I was wrong, krb5_rd_req() will get a replay cache even if the passed-in server is NULL, because it gets the server name from the ticket. >wrt to krb5_rd_req - it looks like rcache is obtained only if >auth_context_flags includes KRB5_AUTH_CONTEXT_DO_TIME. > >accept_sec_context clearly sets auth_context with >KRB5_AUTH_CONTEXT_DO_SEQUENCE. Looks like the right thing to do here is change accept_sec_context() to set KRB5_AUTH_CONTEXT_DO_SEQUENCE. --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos