From: | ghudson@mit.edu |
Subject: | git commit |
Resolve krb5 GSS creds if time_rec is requested
The code normally tries to defer credential acquisition to a later
time. However, if the application requests the lifetime, the code
needs to resolve the credential and return the actual expiration time.
Returning 0 would cause the application to think credentials are
expired.
In the mechglue, pass through null time_rec pointers to the mech so
that the mech knows whether it was requested. In SPNEGO, pass through
time_rec to the mech when acquiring creds, via a new parameter to
get_available_mechs().
[ghudson@mit.edu: minor style changes; edit and expand commit message]
https://github.com/krb5/krb5/commit/50f426ac17a81ff5b7c212c24645b9874ea911f0
Author: Simo Sorce <simo@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 50f426ac17a81ff5b7c212c24645b9874ea911f0
Branch: master
src/lib/gssapi/krb5/acquire_cred.c | 9 ++++++++-
src/lib/gssapi/mechglue/g_acquire_cred.c | 14 +++++++++-----
src/lib/gssapi/spnego/spnego_mech.c | 15 ++++++++-------
3 files changed, 25 insertions(+), 13 deletions(-)