[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1

To: Markus Moeller <huaraz@moeller.plus.com>
Subject: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Tue, 4 Dec 2007 21:22:08 -0800
Cc: heimdal-discuss@sics.se
In-Reply-To: <C1A08CF3-7BE2-4A72-82E3-653B08893B35@kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <fh08tb$qk5$1@ger.gmane.org> <fh4jdr$p46$1@ger.gmane.org> <fh4no2$l87$1@ger.gmane.org> <C1A08CF3-7BE2-4A72-82E3-653B08893B35@kth.se>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>

Hej Markus,


>> When I use in case 4) instead of GSS_C_NO_NAME  HTTP/fqdn I get the
>> following error:
>>
>> [Sat Nov 10 16:37:54 2007] [error] [client 192.168.1.10] mod_spnego:
>> gss_accept_sec_context failed; GSS-API:  Miscellaneous failure (see  
>> text))
>> [Sat Nov 10 16:37:54 2007] [error] [client 192.168.1.10] mod_spnego:
>> gss_accept_sec_context failed; GSS-API mechanism: Decrypt integrity  
>> check
>> failedxt))
>>
>> It seems gss_acquire_creds needs a desired name != GSS_C_NO_NAME   
>> to accept
>> kerberos 5 as a mechanism.
>> e.g. In acquire_acceptor_cred
>
> This seems to be the case. I never expected that people would use  
> gss_acquire_cred()
> without name. The gss_acccept_sec_context() supports that, so I  
> guess this should be fixed.

This should be fixed in 1.0.2RC5, if its not, please try  
heimdal-20071205.dmg too since there are more fixes for related stuff  
i fixed todo.

Love

References:
- Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: Should kadmin ask for password
Next by Date: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
Prev by thread: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
Next by thread: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1
Index(es):
- Date
- Thread