[security-dev 00032]: JGSS: Re-construct Credentials.acquireTGTFromCache

Weijun Max Wang Weijun.Wang at Sun.COM
Wed Jan 2 01:54:02 PST 2008


Hi All

Current sun.security.krb5.Credentials's acquireTGTFromCache method looks
like --

Cred acquireTGTFromCache(princ, fcache) {
  if (fcache not specified) {
    if (Windows) {
      cred = function {
        get default TGT from default file cache;
        if (found && etypeSupported) return it;
        else return one from LSA;
      }
      if (princ specified && princ is not princ in cred)
        return null;
      else
        return cred;
    }
  }
  read cred for princ in fcache
  if (found && etypeSupported) return it;
  else return null;
}

It seems there's a chance on Windows that the default TGT in default
file cache (fcache == null) is not for princ, but maybe there's one for
princ in LSA. It won't get read.

Right? Shall we just move the whole fcache to the beginning and only use
LSA as a fallback?

Thanks
Max




More information about the security-dev mailing list