author | Greg Hudson <ghudson@mit.edu> | 2020-12-14 13:16:17 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2020-12-18 12:41:30 -0500 |
commit | 0d56740ab9fcc40dc7f46c6fbebdf8f1214f9d96 (patch) | |
tree | 01a7578270fdde645e854cb2ea7f6ee090f2b986 /doc | |
parent | 0fdc59ef5e538fdf0fd65fa190483e84289f66c1 (diff) | |
download | krb5-0d56740ab9fcc40dc7f46c6fbebdf8f1214f9d96.tar.gz |

Add support for start_realm cache config

When making TGS requests, if start_realm is set in the cache, use the
named realm to look up the initial TGT for referral or cross-realm
requests. (Also correct a comment in struct _tkt_creds_context: the
ccache field is an owner pointer, not an alias.)

Add an internal API k5_cc_store_primary_cred(), which sets start_realm
if the cred being stored is a TGT for a realm other than the client
realm. Use this API when acquiring initial tickets with a
caller-specified output ccache, when renewing or validating tickets
with kinit, when accepting a delegated credential in a GSS context,
and when storing a single cred with kvno --out-cache.

ticket: 8332
tags: pullup
target_version: 1.19

Diffstat (limited to 'doc')
-rw-r--r-- | doc/formats/ccache_file_format.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/formats/ccache_file_format.rst b/doc/formats/ccache_file_format.rst index 6349e0d29..6138c1b58 100644 --- a/doc/formats/ccache_file_format.rst +++ b/doc/formats/ccache_file_format.rst @@ -174,3 +174,9 @@ refresh_time decimal representation of a timestamp at which the GSS mechanism should attempt to refresh the credential cache from the client keytab. + +start_realm + This key indicates the realm of the ticket-granting ticket to be + used for TGS requests, when making a referrals request or + beginning a cross-realm request. If it is not present, the client + realm is used. |
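
Review bot: The new start_realm entry in doc/formats/ccache_file_format.rst says what the key is used for but not how its value is encoded or when it gets written, whereas the refresh_time entry just above it spells out its encoding ("decimal representation of a timestamp"). Consider stating the value format (for instance, whether it is the realm name as a plain string) and adding the condition given in the commit message, that the key is set when the stored cred is a TGT for a realm other than the client realm, so that someone reading or validating a cache file knows when to expect it. Minor wording point in the same entry: "a referrals request" would read better as "a referral request".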