diff options
| author | Lukas Hejtmanek <xhejtman@ics.muni.cz> | 2009-08-27 11:42:24 -0400 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2009-08-27 11:42:24 -0400 |
| commit | bd947185cfc7978c562fddf2f14f602c44a5cac9 (patch) | |
| tree | 3eba094b02c5c3c30d3f645538637dd7c19312dc /utils/gssd/krb5_util.h | |
| parent | 1d2951b518dd5df4fc0a637880d204f0f4e949c5 (diff) | |
| download | nfs-utils-bd947185cfc7978c562fddf2f14f602c44a5cac9.tar.gz nfs-utils-bd947185cfc7978c562fddf2f14f602c44a5cac9.tar.xz nfs-utils-bd947185cfc7978c562fddf2f14f602c44a5cac9.zip | |
Gssd blindly caches machine credentials
We have a problem with rpc.gssd which blindly caches machine credentials.
E.g., if someone deletes /tmp/krb5cc_machine_REALM, rpc.gss does not create
new one until the old one expires. Also, it has problems with clock skew, if
time goes back and gssd thinks that machine credentials are not expired yet.
The following patch tries to use cache but in case of failure, it tries it
again without cache. Any comments?
Signed-off-by: Lukas Hejtmanek <xhejtman@ics.muni.cz>
Acked-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'utils/gssd/krb5_util.h')
| -rw-r--r-- | utils/gssd/krb5_util.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h index 3d39300..4b6b281 100644 --- a/utils/gssd/krb5_util.h +++ b/utils/gssd/krb5_util.h @@ -30,7 +30,7 @@ void gssd_free_krb5_machine_cred_list(char **list); void gssd_setup_krb5_machine_gss_ccache(char *servername); void gssd_destroy_krb5_machine_creds(void); int gssd_refresh_krb5_machine_credential(char *hostname, - struct gssd_k5_kt_princ *ple); + struct gssd_k5_kt_princ *ple, int nocache); char *gssd_k5_err_msg(krb5_context context, krb5_error_code code); void gssd_k5_get_default_realm(char **def_realm); |