+ krb5_free_cred_contents(child.kcontext, &v5creds);
+
+ if ( kerror ) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: store cred %s", error_message(kerror));
+ goto cleanup;
+ }
+
+ log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: kinit ok for %s", k5user );
+
+ } else if (k5path) {
+ /* If we've got a path to a credentials cache, then try and use that. We can't just
+ * replace child.creds, because we want to ensure that only this request gets access to
+ * that cache */
+
+ if ( ( kerror = krb5_cc_resolve(child.kcontext, k5path, &clientccache ) ) ) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "mod_waklog: can't open provided credentials cache %s err=%d",
+ k5path, kerror );
+ goto cleanup;
+ }
+
+ use_client_credentials = 1;
+ }