Patch to ignore service principals when accepting connexions.
Luke Howard
lukeh at padl.com
Wed Aug 25 18:11:51 EDT 2010
On 25/08/2010, at 11:59 PM, Luke Howard wrote:
>> We introduced a behavior change in 1.7 so that application no longer
>> examine the service name encoded in a ticket; instead, they look at
>> whether the key matches. This means that you can have KDC-side aliases
>
> Only if the service passes in GSS_C_NO_CREDENTIAL.
... or an acceptor credential acquired for GSS_C_NO_NAME.
-- Luke
More information about the krbdev
mailing list