
gss_krb5_import_creds can't work with memory keytab



I've been trying to move Samba4 across to using the new
gss_krb5_import_creds function.  This should reduce our custom hacks
significantly, and I thought it provided the correct semantics.

However, we make extensive use of in-memory keytabs, and currently this
routine fails to 'reference' an existing in-memory keytab.  Instead,
these steps create a new, blank in-memory keytab:

	kret = krb5_kt_get_full_name(gssapi_krb5_context, keytab, &str);
	if (kret)
	    goto out;

	kret = krb5_kt_resolve(gssapi_krb5_context, str, &handle->keytab);
	free(str);
	if (kret)
	    goto out;

I see a few solutions:  We could copy the contents of the keytab (as
being 'unlikely to change'), we could add a new function to 'reference' a
keytab (other than by get/resolve name), or the code in keytab_memory.c
could be changed to record the list of keytabs (with reference counting
etc), much as the in-memory ccache code does.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
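
The third option in the message above (a name-keyed list of in-memory keytabs with reference counting), sketched as an added example that is not part of the original message and is not Heimdal code. The struct, the function names and the "MEMORY:samba" name used to exercise it are hypothetical, and an entry counter stands in for the stored keys.

```c
#include <stdlib.h>
#include <string.h>
/* Toy model, not Heimdal code: every name here is hypothetical. */
struct mkt {
    char *name;          /* full name, e.g. "MEMORY:samba" (constructed) */
    int nentries;        /* stands in for the list of keys */
    int refcount;
    struct mkt *next;
};

static struct mkt *mkt_registry;   /* every live shared in-memory keytab */

/* Behaviour described in the message: each resolve builds a blank keytab. */
struct mkt *mkt_resolve_fresh(const char *name)
{
    struct mkt *k = calloc(1, sizeof(*k));
    if (k == NULL) return NULL;
    k->name = malloc(strlen(name) + 1);
    if (k->name == NULL) { free(k); return NULL; }
    strcpy(k->name, name);
    k->refcount = 1;
    return k;
}

/* Third option: look the name up first and take a reference if it exists. */
struct mkt *mkt_resolve_shared(const char *name)
{
    struct mkt *k;
    for (k = mkt_registry; k != NULL; k = k->next)
        if (strcmp(k->name, name) == 0) {
            k->refcount++;
            return k;
        }
    k = mkt_resolve_fresh(name);
    if (k != NULL) { k->next = mkt_registry; mkt_registry = k; }
    return k;
}

/* Drop one reference; unlink and free the keytab on the last one. */
void mkt_close(struct mkt *k)
{
    struct mkt **p;
    if (k == NULL || --k->refcount > 0) return;
    for (p = &mkt_registry; *p != NULL; p = &(*p)->next)
        if (*p == k) { *p = k->next; break; }
    free(k->name);
    free(k);
}
```

With the registry, a get-name/resolve round trip hands back the caller's populated keytab, and the keys are wiped only when the last holder closes it.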
