[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Return value of krb5_cc_default_name

Andreas Haupt <ahaupt@ifh.de> writes:

> On Fri, 25 Jul 2003, Andreas Haupt wrote:
>> Oops. I did not look correctly. There is the difference! "FILE:" is
>> missing on SuSE 8.2.
> I tracked this back to our ssh. OpenSSH v3.6.1p1 calls the following
> function when authenticating with Kerberos5:
> #ifdef HEIMDAL
>     problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &ccache);
> #else
> After this the KRB5CCNAME misses "FILE:"! After #else generating the
> ccache name and calling krb5_cc_resolve is done by hand. When I use this
> it works correctly!

From what I read, first the code get the filename with krb5_cc_get_name()
(that returns the name of the CC without prefix) and then set it with
child_set_env() (in session.c), so FILE will never be prefixed to the
kerberos name.

I guess the code should combine the name using krb5_cc_get_type +
krb5_cc_get_name (the gssapi patch does almost this).


PGP signature