explicitly to the -k argument if they want the ticket cache to be set
in the environment with that prefix.
+ Always canonicalize the ticket cache name in k5start before
+ propagating KRB5CCNAME to child processes. This combined with the
+ previous change allows -k to specify a ticket cache name that changes
+ once the cache is created, such as when creating new PIPE caches.
+
krenew now defaults to staying running if renewing credentials fails.
The new -x option restores the previous behavior of exiting on any
error. It will still exit by default (unless -i is used) if the
free(tmp);
config.cache = cache;
config.clean_cache = true;
- }
- if (config.cache == NULL) {
+ } else {
krb5_ccache ccache;
- code = krb5_cc_default(ctx, &ccache);
+ if (config.cache == NULL)
+ code = krb5_cc_default(ctx, &ccache);
+ else
+ code = krb5_cc_resolve(ctx, config.cache, &ccache);
if (code != 0)
- die_krb5(ctx, code, "error opening default ticket cache");
+ die_krb5(ctx, code, "error opening ticket cache");
config.cache = xstrdup(krb5_cc_get_name(ctx, ccache));
krb5_cc_close(ctx, ccache);
- } else {
- if (setenv("KRB5CCNAME", config.cache, 1) != 0)
- die("cannot set KRB5CCNAME environment variable");
}
+ if (setenv("KRB5CCNAME", config.cache, 1) != 0)
+ die("cannot set KRB5CCNAME environment variable");
if (private.set_perms)
config.cache = strip_cache_prefix(config.cache);
projects / kerberos / kstart.git / commitdiff