Patch to ignore service principals when accepting connexions.

Luke Howard lukeh at
Wed Aug 25 18:11:51 EDT 2010

On 25/08/2010, at 11:59 PM, Luke Howard wrote:

>> We introduced a behavior change in 1.7 so that application no longer
>> examine the service name encoded in a ticket; instead, they look at
>> whether the key matches.  This means that you can have KDC-side aliases
> Only if the service passes in GSS_C_NO_CREDENTIAL.

... or an acceptor credential acquired for GSS_C_NO_NAME.

-- Luke

More information about the krbdev mailing list