[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.
Achim Grolms
achim at grolmsnet.de
Thu Jul 26 14:56:59 EDT 2007
On Thursday 26 July 2007 20:40, Henry B. Hotz wrote:
> > If I understand RFC2744 correct GSS_C_DELEG_FLAG
> > would not be set in that case?
> >
> > Achim
>
> Agreed. That flag shouldn't be set AFAIK, though the value isn't
> valid until negotiation is complete.
That means before trying to store delegated credentials
and before checking GSS_C_DELEG_FLAG
mod_auth_kerb needs to check if gss_accept_sec_context ()
returns major_status = GSS_S_COMPLETE
(checking GSS_ERROR(major_status) does match other non-error states
of major_status)?
Achim
More information about the Kerberos
mailing list