krb5-libs/1022: accept_sec_context() specifies principal to rd_req()

Sam Hartman hartmans at MIT.EDU
Mon Apr 8 13:51:00 EDT 2002

This patch seems wrong because it ignores a principal name that was
supplied.  It seems that allowing gss_accept_sec_context to work with
a default credential (as gss_init_sec_context does), or to allow
gss_acquire_creds to take a default name would be preferable to your proposed solution.

I'd be interested in a patch to this problem, but I don't feel
comfortable with a patch that throws away information from the
application when it is supplied.  Just as krb5_rd_req has a fourth
argument, GSSAPI should respect the service name when provided.

More information about the krbdev mailing list