Heimdal SPNEGO Won't Eat Negprot GSSAPI Token
Love
lha at kth.se
Wed Oct 12 14:48:26 GMT 2005
Michael B Allen <mba2000 at ioplex.com> writes:
> Actually I have since realized that maybe you can't feed NegTokenInit to
> gss_init_sec_context. It seems the GSSAPI+SPNEGO rules are:
So how about this then ?
--- init_sec_context.c 12 Oct 2005 09:25:18 +0200 1.60
+++ init_sec_context.c 12 Oct 2005 16:47:41 +0200
@@ -957,7 +957,10 @@
OM_uint32 * time_rec
)
{
- if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
+ /* ignore input token if we don't have a context,
+ it must be windows server initated SPENGO */
+ if ((input_token == GSS_C_NO_BUFFER || input_token->length == 0) ||
+ *context_handle == GSS_C_NO_CONTEXT ))
return spnego_initial (minor_status,
initiator_cred_handle,
context_handle,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 477 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20051012/311e79e3/attachment.bin
More information about the samba-technical
mailing list