GSSAPI and anonymous names and credentials
Sam Hartman
hartmans at MIT.EDU
Thu Dec 17 13:27:02 EST 2009
So, we had a discussion a while ago about desired behavior of gss and
anonymous.
As I recall, the conclusion of that discussion included:
If you set the anonymous flag on a context and provide
GSS_C_NO_CREDENTIAL, then the library should try to obtain anonymous
tickets for your use.
What realm should the library contact?
One possible option is that if your service has a realm associated with
it, then the library should contact that realm.
What about the case where the service has a null realm?
More information about the krbdev
mailing list