[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: init_sec_context.c / profile reading
Chris Chiappa <firstname.lastname@example.org> writes:
> This means that unfortunately if you want renewable and proxiable tickets by
> default on a machine you're out of luck - the gssapi code doesn't give you a
> way as far as I can tell to specify this (and in a related vein it doesn't
> seem to me that forwarded tickets should automatically be marked
> forwardable). Instead it seems like the gssapi code should be able to do
> something like this:
> krb5_get_init_creds_opt opt;
> krb5_kdc_flags fwd_flags;
> krb5_munge_opts_to_flags(&opt, &fwd_flags);
> fwd_flags.b.forwarded = 1;
Yes, I think this is better, it's a little ugly having the program
name of `gssapi', but that's probably fine.
> where krb5_munge_opts_to_flags basically does much of what
> init_creds_pw.c:get_init_creds_common currently does. Comments? It could
> be that I'm missing something but the current set up seems to require a lot
> of duplicate effort for any code that wants to initialize ticket options
> from krb5.conf.
Yeah, the common code should get extracted.