8 Jul
2024
8 Jul
'24
7:21 p.m.
On Mon Jul 8 19:07:32 2024 +0000, Hans Leidekker wrote:
Shouldn't we call init_creds() here like we do for SECPKG_CRED_OUTBOUND?
init_creds() does more harm actually, for instance when AcquireCredentialsHandle is called without password it completely trashes an existing kerberos ticket instead of relying on default behaviour, at least under Windows password is not required when the user is already logged on into the domain. So, I'd completely remove the init_creds() helper. If you think that's the intended behaviour I'll add the init_creds() call though.