Lion Kerberos inconsistently handles API ccaches

Originator:shadow
Number:rdar://9824491 Date Originated:
Status: Resolved:
Product:MacOS Product Version:10.7.0
Classification: Reproducible:
 
Summary:

in prior versions API ccaches could be set of the form API:(number); In the current version, this format, as well as the new API:(userid):(number), are handled inconsistently

Steps to Reproduce:
kinit someone
export KRB5CCNAME API:2
kinit someone-else
klist

Expected Results:
klist should show someone-else in an altername ccache

Actual Results:
klist claims no ccache; meanwhile, default ccache if none specified now points elsewhere.

Regression:
behavior worked in prior versions. kinit to a new ccache did not modify things other than if the caller overrode environment

Notes:
A typescript of reproducing this:

[scully:openafs-stable-1_6_x/src/aklog] shadow% kinit shadow
shadow@ANDREW.CMU.EDU's Password: 
[scully:openafs-stable-1_6_x/src/aklog] shadow% klist
Credentials cache: API:501:9
        Principal: shadow@ANDREW.CMU.EDU

  Issued           Expires          Principal
Jul 22 15:23:03  Jul 23 01:23:00  krbtgt/ANDREW.CMU.EDU@ANDREW.CMU.EDU
[scully:openafs-stable-1_6_x/src/aklog] shadow% setenv KRB5CCNAME API:2
[scully:openafs-stable-1_6_x/src/aklog] shadow% klist
klist: krb5_cc_get_principal: No credentials cache file found
[scully:openafs-stable-1_6_x/src/aklog] shadow% kinit shadow/admin@DEMENTIA.ORG
shadow/admin@DEMENTIA.ORG's Password: 
[scully:openafs-stable-1_6_x/src/aklog] shadow% klist
klist: krb5_cc_get_principal: No credentials cache file found
[scully:openafs-stable-1_6_x/src/aklog] shadow% unsetenv KRB5CCNAME
[scully:openafs-stable-1_6_x/src/aklog] shadow% klist
Credentials cache: API:501:47
        Principal: shadow/admin@DEMENTIA.ORG

  Issued           Expires          Principal
Jul 22 15:27:27  Jul 23 01:27:24  krbtgt/DEMENTIA.ORG@DEMENTIA.ORG
[scully:openafs-stable-1_6_x/src/aklog] shadow% setenv KRB5CCNAME API:501:50
[scully:openafs-stable-1_6_x/src/aklog] shadow% kinit shadow@DEMENTIA.ORG
shadow@DEMENTIA.ORG's Password: 
kl[scully:openafs-stable-1_6_x/src/aklog] shadow% klist
klist: krb5_cc_get_principal: No credentials cache file found
[scully:openafs-stable-1_6_x/src/aklog] shadow% unsetenv KRB5CCNAME
[scully:openafs-stable-1_6_x/src/aklog] shadow% klist
Credentials cache: API:501:49
        Principal: shadow@DEMENTIA.ORG

  Issued           Expires          Principal
Jul 22 15:30:30  Jul 23 01:30:27  krbtgt/DEMENTIA.ORG@DEMENTIA.ORG

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!