samba 4 TP3 and Windows SSPI
Joshua Masiko
geniedren at gmail.com
Tue Nov 14 14:27:48 GMT 2006
HI Andrew
Have u had time to fix DsWriteAccountSpn
I'm now messing with MIT Kerberos GSSAPI on Windows but I can't seem to get
it to
work. Does anyone have any simple instructions on how to test the gss-server
and
gss-client samples that are packaged with the MIT Kerberos 3.0 for Windows.
There are is zero documentation both on the MIT site and the package itself.
On 11/11/06, Stefan (metze) Metzmacher <metze at samba.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andrew Bartlett schrieb:
> > On Fri, 2006-11-10 at 10:37 +1100, Andrew Bartlett wrote:
> >> On Thu, 2006-11-09 at 17:33 +0300, Joshua Masiko wrote:
> >>> DsWriteAccountSpn allows you to de-couple the way the client connects
> from
> >>> the account the server is running under
> >>>
> >>> it basically maps a service principal name to the server account such
> that
> >>> in InitializeSecurityContext the client can specify the SPN as the
> target
> >>> without knowing the account under which the server is running. Details
> are
> >>> on MSDN online.
> >> Looks like a mere matter of implementation, we appear to have figured
> >> out the IDL.
> >
> > Attached is a first implementation. I need get the client testsuite for
> > this runnning as part of 'make test' before I add it to the tree.
>
> Hi Andrew,
>
> please note that a special bind_guid in the DsBind() call is needed,
> when you try a DsWriteAccountSPN(), and we should match the error code
> when not getting the correct bind_guid.
>
> metze
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iD8DBQFFVZ9Bm70gjA5TCD8RAiZkAKCpDuCubKGko+3xxfogXWPIWON/KQCfVSgj
> uyB+eVJ/CJwFAjpQhwarelU=
> =0BTg
> -----END PGP SIGNATURE-----
>
More information about the samba-technical
mailing list