[17065] in Kerberos_V5_Development
Re: gss_krb5_import_cred fails for Samba
daemon@ATHENA.MIT.EDU (Luke Howard)
Fri Jul 22 20:52:01 2011
Mime-Version: 1.0 (Apple Message framework v1244.3)
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <1311380086.2545.14.camel@ruth>
Date: Sat, 23 Jul 2011 00:51:51 +0000
Message-Id: <998DF8D7-7BED-466D-9914-A01A66CDBB08@padl.com>
To: Andrew Bartlett <abartlet@samba.org>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>,
"samba-technical@samba.org" <samba-technical@samba.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
> This case is where the principal is specified, and the incoming GSSAPI
> request has the same key and knvo, but a different server name? We need
> this because AD has an almost infinite number of name aliases, but we
> would like to bind our authentication of those names tightly to the one
> principal we maintain in the keytab.
AFAIK if you want to match-by-key then you need to specify GSS_C_NO_NAME when acquiring the credential.
-- Luke
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
