diff options
author | Greg Hudson <ghudson@mit.edu> | 2020-12-14 13:16:17 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2021-01-08 11:58:28 -0500 |
commit | 58b4b38e104f0a73b7ac5700c1715a22bbb4604b (patch) | |
tree | a794e0b5e8fad535d49da5ce97acfbdbe0ed9936 /src/clients/kvno/kvno.c | |
parent | b5b45c42e5e7970f4a6e3622cd29c6fd77c8cf57 (diff) | |
download | krb5-58b4b38e104f0a73b7ac5700c1715a22bbb4604b.zip krb5-58b4b38e104f0a73b7ac5700c1715a22bbb4604b.tar.gz krb5-58b4b38e104f0a73b7ac5700c1715a22bbb4604b.tar.bz2 |
Add support for start_realm cache config
When making TGS requests, if start_realm is set in the cache, use the
named realm to look up the initial TGT for referral or cross-realm
requests. (Also correct a comment in struct _tkt_creds_context: the
ccache field is an owner pointer, not an alias.)
Add an internal API k5_cc_store_primary_cred(), which sets start_realm
if the cred being stored is a TGT for a realm other than the client
realm. Use this API when acquiring initial tickets with a
caller-specified output ccache, when renewing or validating tickets
with kinit, when accepting a delegated credential in a GSS context,
and when storing a single cred with kvno --out-cache.
(cherry picked from commit 0d56740ab9fcc40dc7f46c6fbebdf8f1214f9d96)
ticket: 8332
version_fixed: 1.19
Diffstat (limited to 'src/clients/kvno/kvno.c')
-rw-r--r-- | src/clients/kvno/kvno.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c index c5f6bf7..f83c68a 100644 --- a/src/clients/kvno/kvno.c +++ b/src/clients/kvno/kvno.c @@ -561,7 +561,10 @@ do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, } initialized = 1; } - ret = krb5_cc_store_cred(context, out_ccache, creds); + if (count == 1) + ret = k5_cc_store_primary_cred(context, out_ccache, creds); + else + ret = krb5_cc_store_cred(context, out_ccache, creds); if (ret) { com_err(prog, ret, _("while storing creds in output ccache")); exit(1); |