[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Heimdal credentials: destroyed or expired?
31 aug 2007 kl. 16.11 skrev Phil Fisher:
> Is there a way of telling with Heimdal whether a credential is
> unavailable because it has been destroyed rather than expiring?
> The GSSAPI C-bindings RFC 2744 says that gss_inquire_cred_by_mech()
> returns GSS_S_CREDENTIALS_EXPIRED if the credentials have expired,
> but I find that in Heimdal 1.0.1it returns GSS_S_NO_CRED, as it
> does if the credential has been destroyed.
I would think that GSS_S_CREDENTIALS_EXPIRED would be useful when the
cred from the begining wasn't expired.
I think you are correct in litteral meaning, but is it useful to get
back GSS_S_CREDENTIALS_EXPIRED instead of GSS_S_NO_CRED ?
Note that current code tries to refresh tickets when the ticket is
expired but there still is a useful krbtgt.