Resolve krb5 GSS creds if time_rec is requested The code normally tries to defer credential acquisition to a later time. However, if the application requests the lifetime, the code needs to resolve the credential and return the actual expiration time. Returning 0 would cause the application to think credentials are expired. In the mechglue, pass through null time_rec pointers to the mech so that the mech knows whether it was requested. In SPNEGO, pass through time_rec to the mech when acquiring creds, via a new parameter to get_available_mechs(). [ghudson@mit.edu: minor style changes; edit and expand commit message] https://github.com/krb5/krb5/commit/50f426ac17a81ff5b7c212c24645b9874ea911f0 Author: Simo Sorce Committer: Greg Hudson Commit: 50f426ac17a81ff5b7c212c24645b9874ea911f0 Branch: master src/lib/gssapi/krb5/acquire_cred.c | 9 ++++++++- src/lib/gssapi/mechglue/g_acquire_cred.c | 14 +++++++++----- src/lib/gssapi/spnego/spnego_mech.c | 15 ++++++++------- 3 files changed, 25 insertions(+), 13 deletions(-)