Just as the comments, "// The default ticket cache on Windows is not a
file." So I don't think there are some credentials missed, or won't get
read.
For the send question, the current CredentialsCache is implemented as a
file based cache. It's a good idea that we adjust the CredentialsCache
to accept LSA on windows platform. I made a few updates on
MemoryCredentialsCache, and CredentialsCache to accept
MemoryCredentialsCache months ago, I haven't test it completely. I never
thought about that it could be used to improve the acquireTGTFromCache.
Andrew
Weijun Max Wang wrote:
Hi All
Current sun.security.krb5.Credentials's acquireTGTFromCache method looks
like --
Cred acquireTGTFromCache(princ, fcache) {
if (fcache not specified) {
if (Windows) {
cred = function {
get default TGT from default file cache;
if (found && etypeSupported) return it;
else return one from LSA;
}
if (princ specified && princ is not princ in cred)
return null;
else
return cred;
}
}
read cred for princ in fcache
if (found && etypeSupported) return it;
else return null;
}
It seems there's a chance on Windows that the default TGT in default
file cache (fcache == null) is not for princ, but maybe there's one for
princ in LSA. It won't get read.
Right? Shall we just move the whole fcache to the beginning and only use
LSA as a fallback?
Thanks
Max
