Skip Menu |
 

Subject: krb5_get_credentials should not fail due to inability to store a credential in a cache
If the credential cache is readonly or otherwise unwritable,
krb5_get_credentials() should not fail. The use of a credential cache
is simply an optimization not a requirement.

In the 1.6 series this is handled correctly for the simple case but
fails for the cross-realm case. The fix is to remove the assignment
"retval = rv2" In the krb5_get_credentials() loop:

if (tgts) {
register int i = 0;
krb5_error_code rv2;
while (tgts[i]) {
if ((rv2 = krb5_cc_store_cred(context, ccache, tgts[i]))) {
retval = rv2;
break;
}
i++;
}
krb5_free_tgt_creds(context, tgts);
}

On the trunk this bug was introduced in all cases. Whenever
krb5_cc_store_cred() is called and fails, the error code is checked and
returned. The fix is to never check and return the error code. See
src/lib/krb5/krb/get_creds.c step_referrals(), step_get_tgt(), and
complete().
From: ghudson@mit.edu
Subject: SVN Commit

Don't fail out from krb5_get_credentials() if we can't store a ticket
into the ccache.


https://github.com/krb5/krb5/commit/5abcb10f99de5c732e63679286fa49f1f5766205
Commit By: ghudson
Revision: 24488
Changed Files:
U trunk/src/lib/krb5/krb/get_creds.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r24488 from trunk

------------------------------------------------------------------------
r24488 | ghudson | 2010-10-27 13:05:05 -0400 (Wed, 27 Oct 2010) | 5 lines

ticket: 6812

Don't fail out from krb5_get_credentials() if we can't store a ticket
into the ccache.

https://github.com/krb5/krb5/commit/0f01cf23c8b02db3ca7ea9986fa20f59b247b6eb
Commit By: tlyu
Revision: 24501
Changed Files:
U branches/krb5-1-9/src/lib/krb5/krb/get_creds.c