From: Jeffrey Altman Date: Mon, 15 Dec 2003 15:55:15 +0000 (+0000) Subject: * cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT X-Git-Tag: krb5-1.4-beta1~700 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9cda449368c5a04eafce6bc4ae0fffdd6050c43e;p=krb5.git * cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT has expired. This will force the LSA to get a new TGT instead of returning the expired version. ticket: 2049 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15924 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index bc77c41c1..edfed8589 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,9 @@ +2003-12-15 Jeffrey Altman + + * cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT + has expired. This will force the LSA to get a new TGT instead of + returning the expired version. + 2003-12-15 Jeffrey Altman * cc_mslsa.c: Perform a GetMSTGT() call as part of krb5_lcc_start_seq_get diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index 531fed131..039959a4e 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -489,15 +489,14 @@ PurgeMSTGT(HANDLE LogonHandle, ULONG PackageId) return TRUE; } -// -// #define ENABLE_PURGING +#define ENABLE_PURGING 1 // to allow the purging of expired tickets from LSA cache. This is necessary // to force the retrieval of new TGTs. Microsoft does not appear to retrieve // new tickets when they expire. Instead they continue to accept the expired -// tickets. I do not want to enable purging of the LSA cache without testing -// the side effects in a Windows domain with a machine which has been suspended, -// removed from the network, and resumed after ticket expiration. -// +// tickets. This is safe to do because the LSA purges its cache when it +// retrieves a new TGT (ms calls this renew) but not when it renews the TGT +// (ms calls this refresh). + static BOOL GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) {