Final call for changes in 1.4

[Sam Hartman]

>>>>> "Douglas" == Douglas E Engert <deengert at anl.gov> writes:

    Douglas> How quickly is the cutoff? Do I have till tomorrow at
    Douglas> least?  

Yes.

    Douglas> One change that has come up on the lists from
    Douglas> time to time is having the gssapi accept_sec_context
    Douglas> accept a service ticket where it can find an entry in the
    Douglas> keytab file for matching service name and instance but
    Douglas> any realm.  (rlogin can do this.)  Currently it only
    Douglas> works for the default realm of the host.

Our recommended way of accomplishing this is to pass in
GSS_C_NO_CREDENTIAL and then check the resulting authentication name.

I don't think we are interested in special casing the realm case
although we would be interested in discussing a mechanism that allowed
you to have multiple acceptor credentials you were checking against
for the 1.5 release.
This might also need discussion in kitten.