From d7c778325a6f690dc16213e797dbdc3a84458ae8 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Mon, 7 Jan 2019 21:09:34 +0200 Subject: Remove erroneous text from kinit man page Commit 4c4859fa83295db5c26f47b96c719060cfd9e2b1 changed the kinit man page to state that kinit -E (enterprise) implies -C (canonicalize). The client does not automatically set the canonicalize option when getting tickets for an enterprise principal, and Windows KDCs can issue tickets for enterprise principals without canonicalizing the principal (contrary to the implication of RFC 6806 section 5). Remove the misleading text. [ghudson@mit.edu: updated RST man page and regenerated nroff file; rewrote commit message] (cherry picked from commit 8e31335a7722a2f7f1722506befe4fd26d3e3f3f) ticket: 8779 version_fixed: 1.17.1 Patch-Category: upstream --- doc/user/user_commands/kinit.rst | 3 +-- src/man/kinit.man | 5 ++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/doc/user/user_commands/kinit.rst b/doc/user/user_commands/kinit.rst index d692e2791..e12e88a37 100644 --- a/doc/user/user_commands/kinit.rst +++ b/doc/user/user_commands/kinit.rst @@ -92,8 +92,7 @@ OPTIONS requested. **-E** - treats the principal name as an enterprise name (implies the - **-C** option). + treats the principal name as an enterprise name. **-v** requests that the ticket-granting ticket in the cache (with the diff --git a/src/man/kinit.man b/src/man/kinit.man index d121cff74..a3dcfe26c 100644 --- a/src/man/kinit.man +++ b/src/man/kinit.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KINIT" "1" " " "1.17" "MIT Kerberos" +.TH "KINIT" "1" " " "1.18" "MIT Kerberos" .SH NAME kinit \- obtain and cache Kerberos ticket-granting ticket . @@ -113,8 +113,7 @@ KDC to reply with a different client principal from the one requested. .TP \fB\-E\fP -treats the principal name as an enterprise name (implies the -\fB\-C\fP option). +treats the principal name as an enterprise name. .TP \fB\-v\fP requests that the ticket\-granting ticket in the cache (with the -- cgit v1.2.3 From c736896c4a0e6402e4876163647e320b1fc62d21 Mon Sep 17 00:00:00 2001 From: Corene Casper Date: Sat, 16 Feb 2019 00:49:26 -0500 Subject: Fix memory leak in 'none' replay cache type Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory leak in the 'none' replay cache type by freeing the outer container, but we also need to free the mutex. [ghudson@mit.edu: wrote commit message] (cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17) ticket: 8783 version_fixed: 1.17.1 Patch-Category: upstream --- src/lib/krb5/rcache/rc_none.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c index e30aed09f..0b2274df7 100644 --- a/src/lib/krb5/rcache/rc_none.c +++ b/src/lib/krb5/rcache/rc_none.c @@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc) static krb5_error_code KRB5_CALLCONV krb5_rc_none_close(krb5_context ctx, krb5_rcache rc) { + k5_mutex_destroy(&rc->lock); free (rc); return 0; } -- cgit v1.2.3 From a243df875ff905d1c676bd726b19bafea07b628c Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 6 Mar 2019 18:01:50 -0500 Subject: Document the double-colon behavior of DIR ccaches (cherry picked from commit 5ba6e02a7b96ddd15dde01db0f9aff3d65773a8e) ticket: 8789 version_fixed: 1.17.1 Patch-Category: upstream --- doc/basic/ccache_def.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/basic/ccache_def.rst b/doc/basic/ccache_def.rst index d147f0d7a..53542adde 100644 --- a/doc/basic/ccache_def.rst +++ b/doc/basic/ccache_def.rst @@ -51,6 +51,13 @@ library. requirement is for parent directory to exist and the current process must have permissions to create the directory if it does not exist. See :ref:`col_ccache` for details. New in release 1.10. + The following residual forms are supported: + + * DIR:dirname + * DIR::dirpath/filename - a single cache within the directory + + Switching to a ccache of the latter type causes it to become the + primary for the directory. #. **FILE** caches are the simplest and most portable. A simple flat file format is used to store one credential after another. This is -- cgit v1.2.3