[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSSAPI lib from Heimdal does not cleanup credentials in OpenSSH

On Thu, 15 Feb 2007 15:07:26 +0100
Michal Prochazka <michalp@ics.muni.cz> wrote:

> So the difference is only in gssapi library.

GSSAPI doesn't know anything about "Tickets". For OpenSSH to save
delegated credentials it must use Kebreros implementation specific
functionality (eg gss_krb5_copy_ccache in Heimdal). I know nothing of
OpenSSH but I would look at OpenSSH's "cleanup" code.


Michael B Allen
PHP Active Directory SSO