[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

Achim Grolms kerberosml at grolmsnet.de
Wed Jul 25 14:56:25 EDT 2007


On Wednesday 25 July 2007 11:55, Mikkel Kruse Johnsen wrote:

> Compiled the mod_auth_kerb with the attched

The modification does a check if GSS_C_DELEG_FLAG
is present.

>From my point of view (a paranoid point of view)
an additional check has to follow:
before the code does the call to store_gss_creds()
The code should check if

delegated_cred != GSS_C_NO_CREDENTIAL

and report this state to logfile and only in case of 
delegated_cred != GSS_C_NO_CREDENTIAL
do the call of store_gss_creds()

Can you give that a try?

Achim




More information about the Kerberos mailing list