summaryrefslogtreecommitdiffstats
path: root/auth/credentials/credentials_krb5.c
diff options
context:
space:
mode:
authorAlexander Bokovoy <ab@samba.org>2012-05-24 15:17:40 +0300
committerAlexander Bokovoy <ab@samba.org>2012-05-24 16:21:26 +0200
commitdc3f74a953de0fcf9b3f693efe2ba8dea7b93da9 (patch)
treeaa6da0bd898109a9400f7d014e01302fea5f23c2 /auth/credentials/credentials_krb5.c
parenta95b2ba043ce843149fef4821cc25823c53cf994 (diff)
downloadsamba-dc3f74a953de0fcf9b3f693efe2ba8dea7b93da9.tar.gz
samba-dc3f74a953de0fcf9b3f693efe2ba8dea7b93da9.tar.xz
samba-dc3f74a953de0fcf9b3f693efe2ba8dea7b93da9.zip
auth/credentials: 'workgroup' set via command line will not drop existing ccache
The root cause for existing ccache being invalidated was use of global loadparm with 'workgroup' value set as if from command line. However, we don't really need to take 'workgroup' parameter value's nature into account when invalidating existing ccache. When -U is used on the command line, one can specify a password to force ccache invalidation. The commit also reverts previous fix now that root cause is clear.
Diffstat (limited to 'auth/credentials/credentials_krb5.c')
-rw-r--r--auth/credentials/credentials_krb5.c14
1 files changed, 2 insertions, 12 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 2c93a8febc9..2a23688ffdb 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -486,18 +486,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
}
}
-
- if (cred->ccache_obtained == CRED_UNINITIALISED) {
- /* Only attempt to re-acquire ccache if it is not already in place.
- * this is important for client-side use within frameworks with already acquired tickets
- * like Apache+mod_auth_kerb+Python
- */
- ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
- &ccache, error_string);
- } else {
- ccache = cred->ccache;
- }
-
+ ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
+ &ccache, error_string);
if (ret) {
if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) {
DEBUG(1, ("Failed to get kerberos credentials (kerberos required): %s\n", *error_string));