Final call for changes in 1.4

Sam Hartman hartmans at MIT.EDU
Mon Oct 18 18:40:04 EDT 2004

>>>>> "Douglas" == Douglas E Engert <deengert at> writes:

    Douglas> How quickly is the cutoff? Do I have till tomorrow at
    Douglas> least?  


    Douglas> One change that has come up on the lists from
    Douglas> time to time is having the gssapi accept_sec_context
    Douglas> accept a service ticket where it can find an entry in the
    Douglas> keytab file for matching service name and instance but
    Douglas> any realm.  (rlogin can do this.)  Currently it only
    Douglas> works for the default realm of the host.

Our recommended way of accomplishing this is to pass in
GSS_C_NO_CREDENTIAL and then check the resulting authentication name.

I don't think we are interested in special casing the realm case
although we would be interested in discussing a mechanism that allowed
you to have multiple acceptor credentials you were checking against
for the 1.5 release.
This might also need discussion in kitten.

More information about the krbdev mailing list