[17066] in Kerberos_V5_Development


Re: gss_krb5_import_cred fails for Samba

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Jul 22 23:29:30 2011

From: Greg Hudson <ghudson@mit.edu>
To: Andrew Bartlett <abartlet@samba.org>
In-Reply-To: <1311380086.2545.14.camel@ruth>
Date: Fri, 22 Jul 2011 23:29:25 -0400
Message-ID: <1311391765.23877.203.camel@t410>
Mime-Version: 1.0
Cc: "lukeh@PADL.COM" <lukeh@padl.com>, "krbdev@mit.edu" <krbdev@mit.edu>,
   "samba-technical@samba.org" <samba-technical@samba.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Fri, 2011-07-22 at 20:14 -0400, Andrew Bartlett wrote:
> This case is where the principal is specified, and the incoming GSSAPI
> request has the same key and kvno, but a different server name?

Contrary to what Luke says, I would expect this to work out of the box
in krb5 1.9.  If you look at the logic of
krb5_rd_req_decrypt_tkt_part() in rd_req_dec.c, you'll see that if
server != NULL, we look up server in the keytab and ignore
req->ticket->server.

So, if that's not happening, we'll need further debugging to figure out
why not.


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
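
The lookup rule described in the message above, as an added example that is not part of the original post and is not the MIT krb5 source. It is a simplified model: the structures, the find_key() helper and the sample principals are hypothetical, and falling back to the ticket's server name when no principal is given is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model; these are not the libkrb5 structures. */
struct kt_entry { const char *princ; int kvno; int enctype; };
struct ticket   { const char *server; int kvno; int enctype; };

/* Constructed keytab: the service key is stored under one name only. */
static const struct kt_entry keytab[] = {
    { "FILESERVER$@EXAMPLE.COM", 3, 18 },
};

/* Pick the lookup name the way the message describes: a non-NULL
 * acceptor principal wins and the ticket's own server name is ignored.
 * Using tkt->server when server is NULL is this model's assumption. */
static const struct kt_entry *
find_key(const char *server, const struct ticket *tkt)
{
    const char *name = (server != NULL) ? server : tkt->server;
    size_t i;

    for (i = 0; i < sizeof(keytab) / sizeof(keytab[0]); i++) {
        if (strcmp(keytab[i].princ, name) == 0 &&
            keytab[i].kvno == tkt->kvno &&
            keytab[i].enctype == tkt->enctype)
            return &keytab[i];
    }
    return NULL;   /* no usable key: decryption cannot be attempted */
}

int main(void)
{
    /* Constructed tickets: same enctype, different server name. */
    struct ticket tkt   = { "cifs/fileserver.example.com@EXAMPLE.COM", 3, 18 };
    struct ticket stale = { "cifs/fileserver.example.com@EXAMPLE.COM", 2, 18 };

    printf("principal given: %s\n",
           find_key("FILESERVER$@EXAMPLE.COM", &tkt) ? "key found" : "no key");
    printf("principal NULL:  %s\n",
           find_key(NULL, &tkt) ? "key found" : "no key");
    printf("kvno mismatch:   %s\n",
           find_key("FILESERVER$@EXAMPLE.COM", &stale) ? "key found" : "no key");
    return 0;
}
```

In this model a key is found only when the acceptor principal is supplied and the kvno matches, so a failure with the principal supplied points at the kvno, the enctype or the keytab contents rather than at the server name in the ticket.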
