[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [michaels@inet.no: Re: gss_accept_sec_context() problem]



Johan Danielsson wrote,
> Michael Shuldman <michaels@inet.no> writes:
> 
> > I can't see any requirement for input_token to be filled when
> > calling gss_accept_sec_context() and was expecting
> > GSS_S_CONTINUE_NEEDED.
> 
> No, but I also can't see anything that says you can pass something
> that didn't come from the remote client. From RFC2744:
> 
>    input_token_buffer   buffer, opaque, read token obtained from remote
>                         application.
> 
> Why do you want to pass an empty token, and what do you think it
> should mean?

I don't have any other response to this than what I already said:
'The draft (cbind-09) says that GSS_S_CONTINUE_NEEDED "Indicates
that a token from the peer application is required to complete the
context ...".  Isn't that the case here, "a token from the peer
application is required"?'

Anyway, I don't care to argue this.  I've stated my interpretation
and if you disagree, fine, it's you who are implementing it and
I'll adapt to that.

I would be more interested to know why Heimdal aborts as per
my previous message.

-- 
  _ // 
  \X/ -- Michael Shuldman <michaels@inet.no>