Allow S4U2Proxy service tickets to be cached
authorGreg Hudson <ghudson@mit.edu>
Wed, 7 Dec 2011 19:38:22 +0000 (19:38 +0000)
committerGreg Hudson <ghudson@mit.edu>
Wed, 7 Dec 2011 19:38:22 +0000 (19:38 +0000)
Previous to this change, the GSS code avoids caching S4U2Proxy results
for fear of the memory cache growing without bound, but that seems
unlikely to be a serious problem.  Allow these to be cached.

ticket: 7047

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25530 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/init_sec_context.c

index d7b9ffa039c1266fc8452d70199d5c24f8cb9962..07baefa07e6f462c53f4ff064b9061b88cc653c9 100644 (file)
@@ -148,9 +148,7 @@ static krb5_error_code get_credentials(context, cred, server, now,
         !krb5_principal_compare(context, cred->impersonator, server->princ)) {
         krb5_creds mcreds;
 
-        flags |= KRB5_GC_CANONICALIZE |
-            KRB5_GC_NO_STORE |
-            KRB5_GC_CONSTRAINED_DELEGATION;
+        flags |= KRB5_GC_CANONICALIZE | KRB5_GC_CONSTRAINED_DELEGATION;
 
         memset(&mcreds, 0, sizeof(mcreds));