[modauthkerb] Negotiate on Windows with cross-realm trust AD and MIT Kerberos.

Achim Grolms achim at grolmsnet.de
Fri Jul 27 14:19:58 EDT 2007


On Friday 27 July 2007 09:14, Mikkel Kruse Johnsen wrote:

> After the patch (attached) I get this.

I think your patch does my idea wrong.

Your patch checks

major_status == GSS_S_COMPLETE

but in your patch major_status is the return-value of gss_display_name(),
not of accept_sec_token.

You need to store the return-value of accept_sec_token
in a 2nd variable, "major_status_accept" for example
and check 

major_status_accept == GSS_S_COMPLETE
(or move the delegation-store-code directly below the
accept_sec_token() so major_status really holds the value
of accept_sec_token).

Maybe the client tries to do mutual authentication and the
TGT is only delegated *after* the mutual-auth-roundtrip has finished?

Achim
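
An added illustration, not part of the original message and not mod_auth_kerb code: a small simulation of the status-variable problem described above. The `sim_*` functions, the `S_*` constants and the two-round behaviour are assumptions standing in for the real GSS-API calls; the second round models the mutual-auth case raised at the end of the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in status values; they mirror GSS_S_COMPLETE and
 * GSS_S_CONTINUE_NEEDED, but this file does not use the GSS-API. */
#define S_COMPLETE        0u
#define S_CONTINUE_NEEDED 1u

struct sim_ctx { int round; const char *delegated; };

/* Hypothetical stand-in for the accept call: round 1 wants another
 * token (mutual auth); the delegated TGT only exists from round 2. */
static unsigned sim_accept(struct sim_ctx *c) {
    c->delegated = (++c->round >= 2) ? "constructed-TGT" : NULL;
    return c->delegated ? S_COMPLETE : S_CONTINUE_NEEDED;
}

/* Hypothetical stand-in for gss_display_name(): always succeeds. */
static unsigned sim_display_name(const struct sim_ctx *c) {
    (void)c;
    return S_COMPLETE;
}

/* Runs `rounds` token exchanges and counts how often the delegation
 * store would run while no delegated credential is present.
 * keep_accept_status = 0: check the overwritten major_status.
 * keep_accept_status = 1: check the separate major_status_accept. */
int empty_stores(int rounds, int keep_accept_status) {
    struct sim_ctx c = {0, NULL};
    int empty = 0;
    for (int i = 0; i < rounds; i++) {
        unsigned major_status = sim_accept(&c);
        unsigned major_status_accept = major_status; /* the 2nd variable */
        major_status = sim_display_name(&c);         /* accept result overwritten */
        unsigned checked = keep_accept_status ? major_status_accept
                                              : major_status;
        if (checked == S_COMPLETE && c.delegated == NULL)
            empty++;                                 /* store attempted too early */
    }
    return empty;
}

int main(void) {
    printf("overwritten status: %d empty store(s)\n", empty_stores(2, 0));
    printf("separate status:    %d empty store(s)\n", empty_stores(2, 1));
    return 0;
}
```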


