gss_krb5_import_cred fails for Samba

Luke Howard lukeh at
Fri Jul 22 20:51:51 EDT 2011

> This case is where the principal is specified, and the incoming GSSAPI
> request has the same key and knvo, but a different server name?  We need
> this because AD has an almost infinite number of name aliases, but we
> would like to bind our authentication of those names tightly to the one
> principal we maintain in the keytab.

AFAIK if you want to match-by-key then you need to specify GSS_C_NO_NAME when acquiring the credential.

-- Luke

More information about the krbdev mailing list