git.ipfire.org Git - thirdparty/krb5.git/commit

author	Will Fiveash <will.fiveash@oracle.com>
	Wed, 20 Jul 2016 00:20:51 +0000 (19:20 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 22 Jul 2016 15:37:27 +0000 (11:37 -0400)
commit	bd2c2a02e22c609b3c7e9f92d6634e151d14e478
tree	12c4083274948ca1d48cd9b096c7f4fd5f62709b	tree
parent	de92d6c5af514b88dc4fd36768b4ff05273ed184	commit \| diff

Better handle failures to resolve client keytab

In krb5_gss_acquire_cred(), treat failure to resolve the client keytab
similarly to a client keytab which resolves but does not exist or has
no entries. The client keytab could fail to resolve if its name
contains %{username} and the current process is acting on behalf of
the NSS system.

[ghudson@mit.edu: rewrote commit message; changed tracing call to use
a macro; cleared error message when ignoring krb5_kt_client_default()
error; added test case]

ticket: 8462 (new)

src/include/k5-trace.h		diff \| blob \| blame \| history
src/lib/gssapi/krb5/acquire_cred.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/iakerb.c		diff \| blob \| blame \| history
src/tests/gssapi/t_client_keytab.py		diff \| blob \| blame \| history