[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1

To: heimdal-discuss@sics.se
Subject: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Sun, 9 Dec 2007 12:49:14 -0000
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <fh08tb$qk5$1@ger.gmane.org> <fjc88n$8tk$1@ger.gmane.org> <03A7ED3C-357C-402A-AB68-BA564F407F9F@kth.se>
Reply-To: heimdal-discuss@sics.se, "Markus Moeller" <huaraz@moeller.plus.com>
Sender: news <news@ger.gmane.org>

Thank you.
Markus

BTW Would the cross realm have worked with a Heimdal kdc instead of MIT ?



"Love Hörnquist Åstrand" <lha@kth.se> wrote in message 
03A7ED3C-357C-402A-AB68-BA564F407F9F@kth.se">news:03A7ED3C-357C-402A-AB68-BA564F407F9F@kth.se...
> Hello Markus,
>
> I added an option to trunk to disable the PAC check, but since my  change 
> require ABI change I've not pulled it up to the release branch.
>
> [libdefaults]
> check_pac = no
>
> Love
>
>
>
> 7 dec 2007 kl. 14.51 skrev Markus Moeller:
>
>> A small update on this:
>>
>> The environment is based on a cross-realm between a w2k3 kdc and a  MIT 
>> kdc.
>> Clients are in w2k3 and the HTTP service principal on MIT.  (sorry for
>> missing out on this details)
>>
>> The issue I experience seems to be related to the crosss realm setup  and 
>> how
>> MIT treats the pac data.
>>
>> Markus
>>
>> "Markus Moeller" <huaraz@moeller.plus.com> wrote in message
>> news:fh08tb$qk5$1@ger.gmane.org...
>>> I used mod_spnego for some time successfully with heimdall 0.7.2.  After
>>> upgrading to heimdal 1.0.1 I get the following error:
>>>
>>> [Thu Nov 08 23:31:04 2007] [error] [client 192.168.1.10] mod_spnego:
>>> gss_accept_sec_context failed; GSS-API: continuation call to routine
>>> required)
>>> [Thu Nov 08 23:31:04 2007] [error] [client 192.168.1.10] mod_spnego:
>>> gss_accept_sec_context failed; GSS-API mechanism: unknown mech-code  0 
>>> for
>>> mech unknown)
>>>
>>>
>>> Why does gss_accept_sec_context  now require a continuation ?
>>>
>>> Markus
>>>
>>>
>>>
>>>
>>
>>
>>
>
>

Follow-Ups:
- MIT AD Trust PAC handling
  - From: Michael B Allen <miallen@ioplex.com>

References:
- Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
  - From: "Markus Moeller" <huaraz@moeller.plus.com>
- Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
Next by Date: heimdal 1.0.2RC6
Prev by thread: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
Next by thread: MIT AD Trust PAC handling
Index(es):
- Date
- Thread