[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal credentials: destroyed or expired?




31 aug 2007 kl. 16.11 skrev Phil Fisher:

> Is there a way of telling with Heimdal whether a credential is  
> unavailable because it has been destroyed rather than expiring?
>
> The GSSAPI C-bindings RFC 2744 says that gss_inquire_cred_by_mech()  
> returns GSS_S_CREDENTIALS_EXPIRED if the credentials have expired,  
> but I find that in Heimdal 1.0.1it returns GSS_S_NO_CRED, as it  
> does if the credential has been destroyed.

I would think that GSS_S_CREDENTIALS_EXPIRED would be useful when the  
cred from the begining wasn't expired.

I think you are correct in litteral meaning, but is it useful to get  
back GSS_S_CREDENTIALS_EXPIRED instead of GSS_S_NO_CRED ?

Note that current code tries to refresh tickets when the ticket is  
expired but there still is a useful krbtgt.

Love