[modauthkerb] mod_auth_kerb, virtualhost and Firefox/Safari
Sam Hartman
hartmans at MIT.EDU
Wed Jul 5 11:59:40 EDT 2006
>>>>> "Douglas" == Douglas E Engert <deengert at anl.gov> writes:
Douglas> The patch was added to let krb5_rd_req use any entry in
Douglas> the keytab, even if a desired_name was passed, check only
Douglas> the service and host. This is consistent with the
Douglas> gss_import_name which only allows the application to
Douglas> specify the service and host and not the realm, therefore
Douglas> don't assume the realm.
We believe that patch would break the intended functioning of the API.
We believe that current MIT Kerberos should accept any principal in the keytab if no acceptor name is passed into gss_accept_sec_context.
More information about the Kerberos
mailing list