Limit acquire_cred call to to Kerberos only

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Specify that the acquire_cred call should only be concerned with returning Kerberos credentials since this is Kerberos-only functionality.
author: kwc@citi.umich.edu <kwc@citi.umich.edu> 2006-07-03 18:34:16 -0400
committer: Neil Brown <neilb@suse.de> 2006-07-04 10:27:15 +1000
commit: 0f899e6d862994ffb437ae73e087c4a21ab59723 (patch)
tree: c1bb4c6de032f7757318919d46909703dc729f0d /utils/gssd/krb5_util.c
parent: 3829bb90e764cd72c0009cb32a8b39d0fab89d81 (diff)
download: nfs-utils-0f899e6d862994ffb437ae73e087c4a21ab59723.tar.gz
nfs-utils-0f899e6d862994ffb437ae73e087c4a21ab59723.tar.xz
nfs-utils-0f899e6d862994ffb437ae73e087c4a21ab59723.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 3030c3f..2f5e70e 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -280,11 +280,16 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
 {
 	u_int maj_stat, min_stat;
 	gss_cred_id_t credh;
+	gss_OID_set_desc  desired_mechs;
 	krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC };
 	int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
 
+	/* We only care about getting a krb5 cred */
+	desired_mechs.count = 1;
+	desired_mechs.elements = &krb5oid;
+
 	maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
-				    GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+				    &desired_mechs, GSS_C_INITIATE,
 				    &credh, NULL, NULL);
 
 	if (maj_stat != GSS_S_COMPLETE) {
author	kwc@citi.umich.edu <kwc@citi.umich.edu>	2006-07-03 18:34:16 -0400
committer	Neil Brown <neilb@suse.de>	2006-07-04 10:27:15 +1000
commit	0f899e6d862994ffb437ae73e087c4a21ab59723 (patch)
tree	c1bb4c6de032f7757318919d46909703dc729f0d /utils/gssd/krb5_util.c
parent	3829bb90e764cd72c0009cb32a8b39d0fab89d81 (diff)
download	nfs-utils-0f899e6d862994ffb437ae73e087c4a21ab59723.tar.gz nfs-utils-0f899e6d862994ffb437ae73e087c4a21ab59723.tar.xz nfs-utils-0f899e6d862994ffb437ae73e087c4a21ab59723.zip