[11410] in Kerberos-V5-bugs
[krbdev.mit.edu #6604] issues with gss_inquire_context and
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Fri Feb 19 14:19:23 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6604@krbdev.mit.edu>
Message-ID: <rt-6604-32499.13.7390984306344@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6604'":;"'AdminCc of krbdev.mit.edu Ticket #6604'":;@MIT.EDU
Date: Fri, 19 Feb 2010 14:19:21 -0500 (EST)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
I don't think we are likely to incorporate an unwrapping patch which
works by making the SPNEGO code delve into the internal structure of a
union context.
It sounds like the design Sam had in mind went more like so:
* When the context is established, SPNEGO sets *context_handle to a
union context instead of the wrapped SPNEGO context structure.
* The mechglue detects this somehow and returns that union context to
the caller in lieu of its own union context.
Thus, SPNEGO would unwrap the SPNEGO part of the chain, and the mechglue
would unwrap the mechglue part of the chain, and neither knows about the
other's structures.
I'm not sure how the mechglue is supposed to detect that the subsidiary
mechanism returned a union context.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
