Subject: | gss_acquire_cred_with_password() fails to acquire multiple creds by default |
From: | Simo Sorce <simo@redhat.com> |
To: | krb5-bugs <krb5-bugs@mit.edu> |
Date: | Sat, 20 Jun 2015 16:19:41 -0400 |
The code in gss_acquire_cred_with_password() limits itself to only
acquire creds for the "default" mechanism if no desires odi_set is
provided. This prevents cases where multiple mechanism are available to
work in the default case where no preference is desired.
A workaround is to use gss_indicate_mechs() and pass the output to
gss_acquire_cred_with_password() but it seem just a gratuitous
limitation.
gss_acquire_cred_with_password() (or a better successor) should not
prevent a multi-mechanism negotiation by default.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
acquire creds for the "default" mechanism if no desires odi_set is
provided. This prevents cases where multiple mechanism are available to
work in the default case where no preference is desired.
A workaround is to use gss_indicate_mechs() and pass the output to
gss_acquire_cred_with_password() but it seem just a gratuitous
limitation.
gss_acquire_cred_with_password() (or a better successor) should not
prevent a multi-mechanism negotiation by default.
Simo.
--
Simo Sorce * Red Hat, Inc * New York