Skip Menu |
 

Subject: Export/Import creds breaks with delegated credentials
I am trying to combine obtaining delegated credentials via constrained
delegation and then exporting them to reimport them in a different
process via gss_export_cred/gss_import_cred.
This does not work. After import the new process fails to be able to
obtain a ticket for the target service using the delegated credentials.
From: ghudson@mit.edu
Subject: git commit

Fix GSSAPI krb5 cred ccache import

json_to_ccache was incorrectly indexing the JSON array when restoring
a memory ccache. Fix it.

Add test coverage for a multi-cred ccache by exporting/importing the
synthesized S4U2Proxy delegated cred in t_s4u2proxy_krb5.c; move
export_import_cred from t_export_cred.c to common.c to facilitate
this. Make a note in t_export_cred.py that this case is covered in
t_s4u.py.

https://github.com/krb5/krb5/commit/48dd01f29b893a958a64dcf6eb0b734e8463425b
Author: Greg Hudson <ghudson@mit.edu>
Commit: 48dd01f29b893a958a64dcf6eb0b734e8463425b
Branch: master
src/lib/gssapi/krb5/import_cred.c | 2 +-
src/tests/gssapi/common.c | 14 ++++++++++++++
src/tests/gssapi/common.h | 4 ++++
src/tests/gssapi/t_export_cred.c | 16 ----------------
src/tests/gssapi/t_export_cred.py | 5 ++++-
src/tests/gssapi/t_s4u2proxy_krb5.c | 4 ++++
6 files changed, 27 insertions(+), 18 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix GSSAPI krb5 cred ccache import

json_to_ccache was incorrectly indexing the JSON array when restoring
a memory ccache. Fix it.

Add test coverage for a multi-cred ccache by exporting/importing the
synthesized S4U2Proxy delegated cred in t_s4u2proxy_krb5.c; move
export_import_cred from t_export_cred.c to common.c to facilitate
this. Make a note in t_export_cred.py that this case is covered in
t_s4u.py.

(cherry picked from commit 48dd01f29b893a958a64dcf6eb0b734e8463425b)

https://github.com/krb5/krb5/commit/be45a2ae66e4a3287b434a900ebdc52a12226449
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: be45a2ae66e4a3287b434a900ebdc52a12226449
Branch: krb5-1.12
src/lib/gssapi/krb5/import_cred.c | 2 +-
src/tests/gssapi/common.c | 14 ++++++++++++++
src/tests/gssapi/common.h | 4 ++++
src/tests/gssapi/t_export_cred.c | 16 ----------------
src/tests/gssapi/t_export_cred.py | 5 ++++-
src/tests/gssapi/t_s4u2proxy_krb5.c | 4 ++++
6 files changed, 27 insertions(+), 18 deletions(-)