GSS/SPNEGO/mechglue/krb5 patches for 1.8

Nicolas Williams Nicolas.Williams at
Wed Jan 20 15:57:16 EST 2010

On Wed, Jan 20, 2010 at 03:37:01PM -0500, Luke Howard wrote:
> I haven't looked at the ticket, but I'm not sure if this is a bug. My
> understanding from Nico is that you should acquire credentials for the target
> mechanism, that is, if you are using SPNEGO you should use SPNEGO credentials.


Either use GSS_C_NO_CREDENTIAL, or, if you must control what credentials
to use, then use gss_acquire_cred() and/or gss_add_cred() for each
mechanism that you care about, _including_ SPNEGO if you wish to use
SPNEGO.  In addition, if you want to control what mechanisms SPNEGO will
negotiate, and with what preference, then use gss_set_neg_mechs() on the
credential handle.


More information about the krbdev mailing list