[17071] in Kerberos_V5_Development
Re: gss_krb5_import_cred fails for Samba
daemon@ATHENA.MIT.EDU (Luke Howard)
Sat Jul 23 06:54:08 2011
Mime-Version: 1.0 (Apple Message framework v1244.3)
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <1311391765.23877.203.camel@t410>
Date: Sat, 23 Jul 2011 10:54:00 +0000
Message-Id: <01380D2E-2B13-4EFB-9A3D-0386D43E08DB@padl.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: "samba-technical@samba.org" <samba-technical@samba.org>,
"krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 23/07/2011, at 3:29 AM, Greg Hudson wrote:
> On Fri, 2011-07-22 at 20:14 -0400, Andrew Bartlett wrote:
>> This case is where the principal is specified, and the incoming GSSAPI
>> request has the same key and knvo, but a different server name?
>
> Contrary to what Luke says, I would expect this to work out of the box
> in krb5 1.9. If you look at the logic of
> krb5_rd_req_decrypt_tkt_part() in rd_req_dec.c, you'll see that if
> server != NULL, we look up server in the keytab and ignore
> req->ticket->server.
That is what I said (or intended to say). :-)
-- Luke
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
