* cc_retr.c: Extract the test to determine if a credential matches

     a requested credential according to the specified fields into
     a private function: krb5int_cc_creds_match_request()

   * cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to
     perform a MS Kerberos LSA ticket request if there is no matching
     credential in the cache.  The MS Kerberos LSA places the following
     restriction on what tickets it will place into the LSA cache:
         tickets obtained by an application request for a specific
         set of kerberos flags or enctype will not be cached.
     Therefore, we first make a request with no flags or enctype in
     the hope that we will be lucky and get the right ones anyway.
     If not, we make the application's request and return that ticket
     if it matches the other criteria.

     Implemented a similar technique for krb5_lcc_store().  Since we
     can not write to the cache, when a store request is made we
     instead perform a ticket request through the lsa for a matching
     credential.  If we receive one, we return success.  Otherwise,
     we return the KRB5_CC_READONLY error.

   With these changes I am now able to operate entirely with the MSLSA
   ccache as the default cache provided the MS LSA credentials are
   for the principal I wish to use.  Obviously, one cannot change
   principals while the MSLSA ccache is the default.

ticket: 2049

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15939 dc483132-0cff-0310-8789-dd5450dbe970

0 files changed, 0 insertions, 0 deletions