[16151] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Patch to ignore service principals when accepting connexions.

daemon@ATHENA.MIT.EDU (Luke Howard)
Wed Aug 25 18:11:54 2010

Mime-Version: 1.0 (Apple Message framework v1081)
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <3C53C7CD-D40A-46E4-9264-F0338E98353F@padl.com>
Date: Thu, 26 Aug 2010 00:11:51 +0200
Message-Id: <88B01285-4690-4590-9F1C-E9F0528F8BCE@padl.com>
To: "krbdev@mit.edu List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu


On 25/08/2010, at 11:59 PM, Luke Howard wrote:

>> We introduced a behavior change in 1.7 so that application no longer
>> examine the service name encoded in a ticket; instead, they look at
>> whether the key matches.  This means that you can have KDC-side aliases
> 
> Only if the service passes in GSS_C_NO_CREDENTIAL.

... or an acceptor credential acquired for GSS_C_NO_NAME.

-- Luke

_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16151] in Kerberos_V5_Development

Re: Patch to ignore service principals when accepting connexions.

daemon@ATHENA.MIT.EDU (Luke Howard)Wed Aug 25 18:11:54 2010

daemon@ATHENA.MIT.EDU (Luke Howard)
Wed Aug 25 18:11:54 2010