gss_krb5_import_cred fails for Samba
lukeh at padl.com
Fri Jul 22 20:51:51 EDT 2011
> This case is where the principal is specified, and the incoming GSSAPI
> request has the same key and kvno, but a different server name? We need
> this because AD has an almost infinite number of name aliases, but we
> would like to bind our authentication of those names tightly to the one
> principal we maintain in the keytab.
AFAIK if you want to match-by-key then you need to specify GSS_C_NO_NAME when acquiring the credential.