diff options
author | Russ Allbery <rra@stanford.edu> | 2013-05-16 18:48:11 -0700 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2013-05-16 19:45:12 -0700 |
commit | d896a4d1fc26b495ee9ecba5d9dfa0ea26829b3c (patch) | |
tree | 1826a5ecb546660ebbdb469ce992a8a92d8a612f /python | |
parent | 8d862b7381e505ee196d550e8a5605020f8ed9d7 (diff) |
Use gss_krb5_import_cred for remctl_set_ccache
If a Kerberos library and gss_krb5_import_cred are available at build
time, libremctl now uses them to implement remctl_set_ccache to avoid
affecting global program GSS-API state. If those requirements are
met, remctl_set_ccache will only affect the remctl context on which
it's called.
This also requires importing the Kerberos portability layer, so make
sure that it's usable for the TAP Kerberos add-on.
Change-Id: I561812d0e36df6adf52d974dd5390953940865c5
Reviewed-on: https://gerrit.stanford.edu/1198
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'python')
-rw-r--r-- | python/README | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/python/README b/python/README index 261e155..040977e 100644 --- a/python/README +++ b/python/README @@ -110,12 +110,13 @@ FULL INTERFACE subsequent open() calls on the same object, but will have no effect on connections that are already open. - For current GSS-API implementations, this will affect not only all - subsequent open() calls for the same object, but all subsequent - remctl connections of any kind from the same process, and even other - GSS-API connections from the same process unrelated to remctl. This - is due to a limitation in the GSS-API that makes this setting a - global setting for the process or thread. + If the remctl client library was built against a Kerberos library + and the GSS-API library supported gss_krb5_import_cred, this call + affects only this Remctl object. Otherwise, this will affect not + only all subsequent open() calls for the same object, but all + subsequent remctl connections of any kind from the same process, and + even other GSS-API connections from the same process unrelated to + remctl. Not all GSS-API implementations support setting the credential cache. If this operation is not supported, a RemctlError exception |