When obtaining tickets, we make them forwardable by default. XXX This

should really a configurable option in the UI.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7304 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/windows/cns/changelo b/src/windows/cns/changelo
index 015a211e3a4855bfab795cb6cc354f394174e2d7..1dbb30752e46a9644c6d54aced025b7357ec8855 100644 (file)
--- a/src/windows/cns/changelo
+++ b/src/windows/cns/changelo
@@ -1,3 +1,9 @@
+Wed Jan 10 23:16:41 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+       * cns.c (kwin_command): When obtaining tickets, we make them
+               forwardable by default.  XXX This should really a
+               configurable option in the UI.
+
 Sat Jun 10 23:08:57 1995  Tom Yu  (tlyu@dragons-lair)
 
        * kpasswd.c: krb5_auth_context redefinitions

diff --git a/src/windows/cns/cns.c b/src/windows/cns/cns.c
index d4f3249164a87d7cdcf8dd6c203043b8c75c040c..6d6af861d1b684921b8a5d146ec0eaeeec262e31 100644 (file)
--- a/src/windows/cns/cns.c
+++ b/src/windows/cns/cns.c
@@ -2027,11 +2027,17 @@ kwin_command (
                 code = krb5_us_timeofday(k5_context, &sec, &usec);
                 if (code) break;
                 creds.times.starttime = 0;
-                       creds.times.endtime = sec + 60L * lifetime;
-                       creds.times.renew_till = 0;
-
-                       code = krb5_get_in_tkt_with_password(k5_context, 0, NULL,
-                    NULL, NULL, password, k5_ccache, &creds, 0);
+               creds.times.endtime = sec + 60L * lifetime;
+               creds.times.renew_till = 0;
+               
+               /*
+                * XXX whether or not the credentials should be
+                * forwardable should be a configurable option in the
+                * UI.
+                */
+               code = krb5_get_in_tkt_with_password(k5_context,
+                            KDC_OPT_FORWARDABLE, NULL, NULL, NULL,
+                            password, k5_ccache, &creds, 0);
             } while (0);
 
             if (principal)