| commit | c9f65fc9422e3dbbcda6cfa4db78c321f7a3c4e9 | |
| author | Nicolas Williams <nico@cryptonector.com> | |
| Tue, 11 Mar 2014 01:20:49 +0000 (10 20:20 -0500) | ||
| committer | Nicolas Williams <nico@cryptonector.com> | |
| Thu, 13 Mar 2014 05:38:48 +0000 (13 00:38 -0500) | ||
| tree | 18596c49d8fbfafd9fbc98746cfc80d892bfd3f3 | treesnapshot (tar.gz zip) |
| parent | 46e0bd3c6872b80a2201efedba81c71d96069c89 | commitdiff |
env KRB5CCNAME=/tmp/foocc kinit ignores the env
The problem is that fcc_get_cache_next() is called in a context where
context->default_cc_name is not set. We should call
krb5_cc_default_name(), and that fixes the problem. There's a comment
warning that this can result in reentering krb5_cc_cache_match(), but
nothing in libkrb5 calls krb5_cc_cache_match(), so the comment is wrong,
at least in the github tree.
An alternative would be to call krb5_cc_set_default_name(NULL) in
kuser/kinit.c before calling krb5_cc_cache_match(), however, that seems
like an insufficiently general solution. Also, the semantics of
krb5_cc_cache_match() would differ from MIT's -- it seems better to
match MIT's semantics.
The problem is that fcc_get_cache_next() is called in a context where
context->default_cc_name is not set. We should call
krb5_cc_default_name(), and that fixes the problem. There's a comment
warning that this can result in reentering krb5_cc_cache_match(), but
nothing in libkrb5 calls krb5_cc_cache_match(), so the comment is wrong,
at least in the github tree.
An alternative would be to call krb5_cc_set_default_name(NULL) in
kuser/kinit.c before calling krb5_cc_cache_match(), however, that seems
like an insufficiently general solution. Also, the semantics of
krb5_cc_cache_match() would differ from MIT's -- it seems better to
match MIT's semantics.
| lib/krb5/fcache.c | diffblobblamehistory |