Final call for changes in 1.4
hartmans at MIT.EDU
Mon Oct 18 18:40:04 EDT 2004
>>>>> "Douglas" == Douglas E Engert <deengert at anl.gov> writes:
Douglas> How quickly is the cutoff? Do I have till tomorrow at
Douglas> One change that has come up on the lists from
Douglas> time to time is having the gssapi accept_sec_context
Douglas> accept a service ticket where it can find an entry in the
Douglas> keytab file for matching service name and instance but
Douglas> any realm. (rlogin can do this.) Currently it only
Douglas> works for the default realm of the host.
Our recommended way of accomplishing this is to pass in
GSS_C_NO_CREDENTIAL and then check the resulting authentication name.
I don't think we are interested in special casing the realm case
although we would be interested in discussing a mechanism that allowed
you to have multiple acceptor credentials you were checking against
for the 1.5 release.
This might also need discussion in kitten.
More information about the krbdev