232 * Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE |
232 * Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE |
233 * flag set |
233 * flag set |
234 * @return true if OK-AS_DELEGATE flag is set, otherwise, return false. |
234 * @return true if OK-AS_DELEGATE flag is set, otherwise, return false. |
235 */ |
235 */ |
236 public boolean checkDelegate() { |
236 public boolean checkDelegate() { |
237 return (flags.get(Krb5.TKT_OPTS_DELEGATE)); |
237 return flags.get(Krb5.TKT_OPTS_DELEGATE); |
|
238 } |
|
239 |
|
240 /** |
|
241 * Reset TKT_OPTS_DELEGATE to false, called at credentials acquirement |
|
242 * when one of the cross-realm TGTs does not have the OK-AS-DELEGATE |
|
243 * flag set. This info must be preservable and restorable through |
|
244 * the Krb5Util.credsToTicket/ticketToCreds() methods so that even if |
|
245 * the service ticket is cached it still remembers the cross-realm |
|
246 * authentication result. |
|
247 */ |
|
248 public void resetDelegate() { |
|
249 flags.set(Krb5.TKT_OPTS_DELEGATE, false); |
238 } |
250 } |
239 |
251 |
240 public Credentials renew() throws KrbException, IOException { |
252 public Credentials renew() throws KrbException, IOException { |
241 KDCOptions options = new KDCOptions(); |
253 KDCOptions options = new KDCOptions(); |
242 options.set(KDCOptions.RENEW, true); |
254 options.set(KDCOptions.RENEW, true); |