From 0f899e6d862994ffb437ae73e087c4a21ab59723 Mon Sep 17 00:00:00 2001 From: "kwc@citi.umich.edu" Date: Mon, 3 Jul 2006 18:34:16 -0400 Subject: [PATCH] Limit acquire_cred call to to Kerberos only Signed-off-by: Kevin Coffman Specify that the acquire_cred call should only be concerned with returning Kerberos credentials since this is Kerberos-only functionality. --- utils/gssd/krb5_util.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 3030c3f..2f5e70e 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -280,11 +280,16 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid) { u_int maj_stat, min_stat; gss_cred_id_t credh; + gss_OID_set_desc desired_mechs; krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC }; int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]); + /* We only care about getting a krb5 cred */ + desired_mechs.count = 1; + desired_mechs.elements = &krb5oid; + maj_stat = gss_acquire_cred(&min_stat, NULL, 0, - GSS_C_NULL_OID_SET, GSS_C_INITIATE, + &desired_mechs, GSS_C_INITIATE, &credh, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) { -- 2.39.5