SPNEGO and Kerberos credentials

Bryan Kadzban bryan at kadzban.is-a-geek.net
Thu Jul 3 21:19:39 EDT 2008


S Rahul wrote:
> But if I select SPNEGO as the mechanism, the credential does not pass
> down to krb5_gss_accept_sec_context(). It gets filtered in the GSSAPI
> layer itself and a new credential is generated when 
> spnego_gss_accept_sec_context() calls gss_accept_sec_context().

This sounds similar to the issue I had a few weeks back with SPNEGO and
storing delegated credentials.  See krbdev RT, ticket 5807 [1] for one
patch, and see Debian bug 480434 [2] for another.

Looks like your patch modifies the same function as both of these
patches, though it modifies it differently.  Do either of these patches
solve the problem you're seeing, or is your issue actually different?
(Both patches are basically equivalent: both return the krb5 credential
instead of failing, when the input is an SPNEGO credential.  The only
difference is how they get to the SPNEGO OID, to compare it.)

[1]
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=5807

[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480434


