[security-dev 00032]: JGSS: Re-construct Credentials.acquireTGTFromCache
Weijun Max Wang
Weijun.Wang at Sun.COM
Wed Jan 2 09:54:02 UTC 2008
Hi All
Current sun.security.krb5.Credentials's acquireTGTFromCache method looks
like --
Cred acquireTGTFromCache(princ, fcache) {
if (fcache not specified) {
if (Windows) {
cred = function {
get default TGT from default file cache;
if (found && etypeSupported) return it;
else return one from LSA;
}
if (princ specified && princ is not princ in cred)
return null;
else
return cred;
}
}
read cred for princ in fcache
if (found && etypeSupported) return it;
else return null;
}
It seems there's a chance on Windows that the default TGT in default
file cache (fcache == null) is not for princ, but maybe there's one for
princ in LSA. It won't get read.
Right? Shall we just move the whole fcache to the beginning and only use
LSA as a fallback?
Thanks
Max
More information about the security-dev
mailing list