c37f1b3e4f
Prior to this change _krb5_get_cred_kdc_any() would include TGTs obtained via KDC referrals in the "*ret_tgts" array returned to the caller. The caller typically stores these TGTs in the active credential cache. However, referrals TGTs must not be cached or reused for any request beyond the one it was issued for. The referral is for a specific service principal and the resulting TGT could include service specific AuthData. The referral might also direct the client along a transitive path that is specific to this service and not applicable in the general case. This change removes the *ret_tgts parameter from get_cred_kdc_referral() so that the obtained TGTs are never returned to its caller. This also prevents these TGTs from being used by any subsequent call to get_cred_kdc_capath(). Change-Id: Iacc76c5b1639af3cf6bf277966cfd1535dd1e84d
Heimdal is a Kerberos 5 implementation. For information how to install see <http://www.h5l.org/compile.html>. There are briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them: <heimdal-bugs@h5l.org>. For more information see the web-page at <http://www.h5l.org/> or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion send a mail to heimdal-announce-request@sics.se and heimdal-discuss-request@sics.se respectively to subscribe.