[krbdev.mit.edu #1445] GSSAPI can fail to generate error in GSS_C_NO_CREDENTIAL case
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Tue Apr 29 16:23:24 EDT 2003

Nico points out that in accept_sec_context, cred->princ is used as the
server component of the call to krb5_mk_error.

This is problematic because sname and srealm are required fields and
cred->princ can be null in the GSS_C_NO_CREDENTIAL case.

I believe that if cred->princ is null you can get the principal out of
the decoded ap_req.