[16676] in Kerberos_V5_Development
Re: Cannot get name from default acceptor cred
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Mar 9 15:29:44 2011
From: Sam Hartman <hartmans@mit.edu>
To: "Sriram Nambakam" <snambakam@likewise.com>
Date: Wed, 09 Mar 2011 15:29:15 -0500
In-Reply-To: <23447137FA0DAA4D95EF535FF356BE4606105EE1@mse3be2.mse3.exchange.ms>
(Sriram Nambakam's message of "Wed, 9 Mar 2011 14:10:08 -0500")
Message-ID: <tslr5aghwbo.fsf@mit.edu>
MIME-Version: 1.0
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
You've correctly described the MIT behavior.
I think it would be reasonably challenging to figure out whether RFC
2743 permits this behavior or not.
Section 1.1.1.3 clearly permits the behavior if GSS_C_NO_CREDENTIAL is
passed into gss_accept_sec_context.
Actually between section 1.1.3 and 2.1.1 it seems fairly clear that the
MIT behavior is permitted by the specification.
--Sam
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
