On Fri, Mar 21, 2014 at 02:22:47PM +0100, Sumit Bose wrote:
Hi,
a recent patch unified the usage of the krb5_get_init_creds_opt options
to make sure the same set of FAST related options are uses for
authentication and password changes. Before changing the password some
options were set to special values but were not reverted before
requesting a new TGT with the new password. As a result the new TGT will
have some unexpected options set or the request might even fail.
This patch set resets the password change related option to their
original values before requesting the new TGT.
The first two patches are just refactorings which are required to keep
the third patch simple.
bye,
Sumit
On IRC Jakub pointed out that the lifetimes are not correctly reset if
not given explicitly. Additionally he asked to rename
krb5_set_canonicalize().
New versions attached. The rename of krb5_set_canonicalize() is now in a
separate patch.
bye,
Sumit