Skip Menu |

Subject: git commit

Use cached S4U2Proxy tickets in GSSAPI

Ticket #7047 allowed credentials obtain using S4U2Proxy through GSSAPI
to be cached, but doesn't actually use the cached credentials. Modify
get_credentials() to check the cache for the desired client name
first, then to make an S4U2Proxy request if we don't find it.

Test this change by adding code to t_s4u.c to repeat the constrained
delegation request and verify that only three tickets are present in
the cache.

[ squash commits; commit message rewrite; minor style
edits; changed test code to use gss_store_cred_into() to avoid the
need to pick a principal to initialize the ccache with]
Author: Isaac Boukris <>
Committer: Greg Hudson <>
Commit: f149b9cc1e0f8c6e7cca2ee0a5fd8feff7deaf58
Branch: master
src/lib/gssapi/krb5/init_sec_context.c | 71 ++++++++++++++++---------------
src/tests/gssapi/t_s4u.c | 66 +++++++++++++++++++++++++++++
2 files changed, 103 insertions(+), 34 deletions(-)