Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Better handle failures to resolve client keytab

In krb5_gss_acquire_cred(), treat failure to resolve the client keytab
similarly to a client keytab which resolves but does not exist or has
no entries. The client keytab could fail to resolve if its name
contains %{username} and the current process is acting on behalf of
the NSS system.

[ghudson@mit.edu: rewrote commit message; changed tracing call to use
a macro; cleared error message when ignoring krb5_kt_client_default()
error; added test case]

https://github.com/krb5/krb5/commit/bd2c2a02e22c609b3c7e9f92d6634e151d14e478
Author: Will Fiveash <will.fiveash@oracle.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: bd2c2a02e22c609b3c7e9f92d6634e151d14e478
Branch: master
src/include/k5-trace.h | 3 +++
src/lib/gssapi/krb5/acquire_cred.c | 23 ++++++++++++++++++++---
src/lib/gssapi/krb5/iakerb.c | 4 +++-
src/tests/gssapi/t_client_keytab.py | 10 ++++++++++
4 files changed, 36 insertions(+), 4 deletions(-)