author | Russ Allbery <rra@stanford.edu> | 2013-05-16 18:48:11 -0700 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2013-05-16 19:45:12 -0700 |
commit | d896a4d1fc26b495ee9ecba5d9dfa0ea26829b3c (patch) | |
tree | 1826a5ecb546660ebbdb469ce992a8a92d8a612f /php | |
parent | 8d862b7381e505ee196d550e8a5605020f8ed9d7 (diff) |
Use gss_krb5_import_cred for remctl_set_ccache

If a Kerberos library and gss_krb5_import_cred are available at build
time, libremctl now uses them to implement remctl_set_ccache to avoid
affecting global program GSS-API state. If those requirements are
met, remctl_set_ccache will only affect the remctl context on which
it's called.

This also requires importing the Kerberos portability layer, so make
sure that it's usable for the TAP Kerberos add-on.

Change-Id: I561812d0e36df6adf52d974dd5390953940865c5
Reviewed-on: https://gerrit.stanford.edu/1198
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'php')
-rw-r--r-- | php/README | 13 |
1 files changed, 7 insertions, 6 deletions
@@ -118,12 +118,13 @@ FULL INTERFACE effect on connections that are already open. Returns true on success, false on failure. - For current GSS-API implementations, this will affect not only all - subsequent open() calls for the same object, but all subsequent - remctl connections of any kind from the same process, and even other - GSS-API connections from the same process unrelated to remctl. This - is due to a limitation in the GSS-API that makes this setting a - global setting for the process or thread. + If the remctl client library was built against a Kerberos library + and the GSS-API library supported gss_krb5_import_cred, this call + affects only this connection object. Otherwise, this will affect + not only all subsequent open() calls for the same object, but all + subsequent remctl connections of any kind from the same process, and + even other GSS-API connections from the same process unrelated to + remctl. Not all GSS-API implementations support setting the credential cache. If this is not supported, false (for failure) will be |
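Review bot: The added paragraph beginning "If the remctl client library was built against a Kerberos library" makes the scope of this call depend on how libremctl was built, but gives a PHP caller no way to tell at run time which case applies. A process that handles credentials for more than one principal needs to know whether setting the cache on one object can change the cache used by other remctl or GSS-API connections, so the text should either say how to determine this or advise callers to assume the process-wide effect unless they control the build. The replacement also drops the removed explanation that the wider effect comes from "a limitation in the GSS-API that makes this setting a global setting for the process or thread"; keeping that reason in the "Otherwise" sentence would tell readers why the fallback behaves as it does and that the scope may be per thread. Minor: "supported gss_krb5_import_cred" would read better as "supports" to match "affects" in the same sentence.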