[krbdev.mit.edu #6604] issues with gss_inquire_context and gss_display_context when using SPNEGO
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri Feb 19 14:19:21 EST 2010
I don't think we are likely to incorporate an unwrapping patch which
works by making the SPNEGO code delve into the internal structure of a
union context.
It sounds like the design Sam had in mind went more like so:
* When the context is established, SPNEGO sets *context_handle to a
union context instead of the wrapped SPNEGO context structure.
* The mechglue detects this somehow and returns that union context to
the caller in lieu of its own union context.
Thus, SPNEGO would unwrap the SPNEGO part of the chain, and the mechglue
would unwrap the mechglue part of the chain, and neither knows about the
other's structures.
I'm not sure how the mechglue is supposed to detect that the subsidiary
mechanism returned a union context.
More information about the krb5-bugs
mailing list