[16148] in Kerberos_V5_Development

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Patch to ignore service principals when accepting connexions.

daemon@ATHENA.MIT.EDU (Luke Howard)
Wed Aug 25 17:59:17 2010

Mime-Version: 1.0 (Apple Message framework v1081)
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <tslk4newemq.fsf@mit.edu>
Date: Wed, 25 Aug 2010 23:59:08 +0200
Message-Id: <3C53C7CD-D40A-46E4-9264-F0338E98353F@padl.com>
To: Sam Hartman <hartmans@painless-security.com>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

> We introduced a behavior change in 1.7 so that application no longer
> examine the service name encoded in a ticket; instead, they look at
> whether the key matches.  This means that you can have KDC-side aliases

Only if the service passes in GSS_C_NO_CREDENTIAL.

-- Luke

_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home	help	back	first	fref	pref	prev	next	nref	lref	last	post