GSSAPI and anonymous names and credentials

Sam Hartman hartmans at MIT.EDU
Thu Dec 17 13:27:02 EST 2009

So, we had a discussion a while ago about desired behavior of gss and

As I recall, the conclusion of that discussion included:

If you set the anonymous flag on a context and provide
GSS_C_NO_CREDENTIAL, then the library should try to obtain anonymous
tickets for your use.

What realm should the library contact?

One possible option is that if your service has a realm associated with
it, then the library should contact that realm.

What about the case where the service has a null realm?

More information about the krbdev mailing list