[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Return value of krb5_cc_default_name
Andreas Haupt <ahaupt@ifh.de> writes:
> On Fri, 25 Jul 2003, Andreas Haupt wrote:
>
>> Oops. I did not look correctly. There is the difference! "FILE:" is
>> missing on SuSE 8.2.
>
> I tracked this back to our ssh. OpenSSH v3.6.1p1 calls the following
> function when authenticating with Kerberos5:
>
> #ifdef HEIMDAL
> problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &ccache);
> #else
>
> After this the KRB5CCNAME misses "FILE:"! After #else generating the
> ccache name and calling krb5_cc_resolve is done by hand. When I use this
> it works correctly!
From what I read, first the code get the filename with krb5_cc_get_name()
(that returns the name of the CC without prefix) and then set it with
child_set_env() (in session.c), so FILE will never be prefixed to the
kerberos name.
I guess the code should combine the name using krb5_cc_get_type +
krb5_cc_get_name (the gssapi patch does almost this).
Love
PGP signature