From 87127004d4de670852027006079d10fbf6a56e78 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 18 Oct 2011 20:18:44 +0000 Subject: [PATCH] pull up r25076 from trunk ------------------------------------------------------------------------ r25076 | ghudson | 2011-08-08 14:27:15 -0400 (Mon, 08 Aug 2011) | 14 lines ticket: 6941 subject: Fix accidental KDC use of replay cache target_version: 1.9.2 tags: pullup r24464 (ticket #6804) intended to remove the KDC replay cache by eliminating all of the USE_RCACHE code, but it had the unintended side effect of causing krb5_rd_req_decoded to use the default server rcache. Using this cache is much less efficient because it is opened and re-read for each request. Set appropriate flags on the auth context to disable replay cache use for TGS requests altogether. ------------------------------------------------------------------------ ticket: 6941 version_fixed: 1.9.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@25374 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/kdc_util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 62fea6fdb..2913738d2 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -249,6 +249,10 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, if ((retval = krb5_auth_con_init(kdc_context, &auth_context))) goto cleanup; + /* Don't use a replay cache. */ + if ((retval = krb5_auth_con_setflags(kdc_context, auth_context, 0))) + goto cleanup; + if ((retval = krb5_auth_con_setaddrs(kdc_context, auth_context, NULL, from->address)) ) goto cleanup_auth_context; -- 2.26.2
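Review bot: The failure branch of the added `krb5_auth_con_setflags` call jumps to `cleanup`, although `auth_context` was already allocated by `krb5_auth_con_init` just above, and the very next call (`krb5_auth_con_setaddrs`) uses `goto cleanup_auth_context;` on failure. Both labels are outside the hunk, so this is inferred, but if `cleanup` does not free the auth context the new branch leaks it whenever the call fails; `goto cleanup_auth_context;` would keep the two error paths consistent. Separately, the literal `0` clears every flag on the context rather than only the replay-cache behaviour, so the comment would be more useful as `/* Clear all auth context flags so krb5_rd_req_decoded does not open the default server rcache; TGS requests get no replay-cache check here. */`. kdc_process_tgs_req begins and ends outside the hunk.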