[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.
Achim Grolms
kerberosml at grolmsnet.de
Wed Jul 25 14:56:25 EDT 2007
On Wednesday 25 July 2007 11:55, Mikkel Kruse Johnsen wrote:
> Compiled the mod_auth_kerb with the attched
The modification does a check if GSS_C_DELEG_FLAG
is present.
>From my point of view (a paranoid point of view)
an additional check has to follow:
before the code does the call to store_gss_creds()
The code should check if
delegated_cred != GSS_C_NO_CREDENTIAL
and report this state to logfile and only in case of
delegated_cred != GSS_C_NO_CREDENTIAL
do the call of store_gss_creds()
Can you give that a try?
Achim
More information about the Kerberos
mailing list