gss_accept_sec_context failing after getting service ticket using service name and password

Sam Hartman hartmans at MIT.EDU
Sun May 28 22:36:39 EDT 2006

>>>>> "Michael" == Michael B Allen <mba2000 at> writes:

    Michael> On Fri, 26 May 2006 01:25:39 -0500
    Michael> Nicolas Williams <Nicolas.Williams at> wrote:

    >> > Is there a way > to convert from krb5_creds to gss_cred_id_t?
    >> No, there isn't.
    >> For Solaris Nevada we're looking at adding a mechanism-specific
    >> gss_acquire_cred_from_ccache() GSS-API extension.

    Michael> At some point don't you just want to punt and use opaque
    Michael> types? Using an import/export or inquire_by_oid kind of
    Michael> interface implies the result can be represented in a
    Michael> serialized form which is somewhat annoying.

We've discussed this with regard to a similar issue in the kitten
working group and concluded that at least for things we want to
standardize, we always want to guarantee there is a serialized form.


More information about the krbdev mailing list