[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal credentials: destroyed or expired?

To: heimdal-discuss@sics.se, "Phil Fisher" <philip_fisher@hotmail.co.uk>
Subject: Re: Heimdal credentials: destroyed or expired?
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Sun, 30 Sep 2007 11:32:22 +0200
In-Reply-To: <BAY119-F34A82EBE5CAF7582843075CACE0@phx.gbl>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <BAY119-F34A82EBE5CAF7582843075CACE0@phx.gbl>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>


31 aug 2007 kl. 16.11 skrev Phil Fisher:

> Is there a way of telling with Heimdal whether a credential is  
> unavailable because it has been destroyed rather than expiring?
>
> The GSSAPI C-bindings RFC 2744 says that gss_inquire_cred_by_mech()  
> returns GSS_S_CREDENTIALS_EXPIRED if the credentials have expired,  
> but I find that in Heimdal 1.0.1it returns GSS_S_NO_CRED, as it  
> does if the credential has been destroyed.

I would think that GSS_S_CREDENTIALS_EXPIRED would be useful when the  
cred from the begining wasn't expired.

I think you are correct in litteral meaning, but is it useful to get  
back GSS_S_CREDENTIALS_EXPIRED instead of GSS_S_NO_CRED ?

Note that current code tries to refresh tickets when the ticket is  
expired but there still is a useful krbtgt.

Love

Prev by Date: Re: More ipropd Anecdotes
Next by Date: Re: Problem with Special Characters in Password with Windows
Prev by thread: Re: More ipropd Anecdotes
Index(es):
- Date
- Thread