[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.
Douglas E. Engert
deengert at anl.gov
Thu Jul 26 15:54:54 EDT 2007
Achim Grolms wrote:
> On Thursday 26 July 2007 20:40, Henry B. Hotz wrote:
>
>>> If I understand RFC2744 correct GSS_C_DELEG_FLAG
>>> would not be set in that case?
>>>
>>> Achim
>> Agreed. That flag shouldn't be set AFAIK, though the value isn't
>> valid until negotiation is complete.
>
> That means before trying to store delegated credentials
> and before checking GSS_C_DELEG_FLAG
> mod_auth_kerb needs to check if gss_accept_sec_context ()
> returns major_status = GSS_S_COMPLETE
Correct.
> (checking GSS_ERROR(major_status) does match other non-error states
> of major_status)?
Yes that is a macro to mask out the error bits s they can be tested.
>
> Achim
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list