a39a4a0 Use a local keytab for creds encryption

3 files Authored by simo 7 years ago, Committed by rharwood 7 years ago,
    Use a local keytab for creds encryption
    
    If available use a keytab for creds encryption.
    Since now we can store encrypted credentials, on the cient side, for later
    reuse, it is better to be able to decrypt them even after a gssproxy daemon
    restart (maintenance, crashes, etc..)
    If a keytab is rotated this can cause a restarted gssproxy to fail to decrypt
    stored credentials, but in that case those credentials are also probably
    useless and need to be refreshed, so this is not a huge deal, and definitely
    better than the status quo.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Robbie Harwood <rharwood@redhat.com>
    
        
file modified
+28 -19
file modified
+108 -12
file modified
+6 -5