Add KRB5RCACHENAME and default_rcache_name

In krb5_get_server_rcache(), stop constructing a residual value based
on piece and the euid, and instead resolve default replay cache
(previously an unused operation, as krb5_rc_default() was not part of
the API and was never used).

To determine the default replay cache name, try the KRB5RCACHENAME
environment variable first, and then try KRB5RCACHETYPE for
compatibility.  If neither of those environment variables are set, try
the default_rcache_name profile relation in [libdefaults] before
falling back to "dfl:".

ticket: 8786

1 files changed, 6 insertions, 5 deletions

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 8bdca2f..d65cf8f 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -3944,13 +3944,14 @@ krb5_copy_checksum(krb5_context context, const krb5_checksum *ckfrom,
  * Generate a replay cache object for server use and open it.
  *
  * @param [in]  context         Library context
- * @param [in]  piece           Unique identifier for replay cache
+ * @param [in]  piece           Unused (replay cache identifier)
  * @param [out] rcptr           Handle to an open rcache
  *
- * This function generates a replay cache name based on @a piece and opens a
- * handle to it.  Typically @a piece is the first component of the service
- * principal name.  Use krb5_rc_close() to close @a rcptr when it is no longer
- * needed.
+ * This function creates a handle to the default replay cache.  Use
+ * krb5_rc_close() to close @a rcptr when it is no longer needed.
+ *
+ * @version Prior to release 1.18, this function creates a handle to a
+ * different replay cache for each unique value of @a piece.
  *
  * @retval 0 Success; otherwise - Kerberos error codes
  */