Update: Kerberos Ticket Forwarding Patch/Update [3.2]
Jeremy Allison
jra at samba.org
Fri Aug 1 21:06:34 GMT 2008
On Fri, Aug 01, 2008 at 09:58:12PM +0100, Love Hörnquist Åstrand wrote:
>
> 1 aug 2008 kl. 21.49 skrev Jeremy Allison:
>
> >On Fri, Aug 01, 2008 at 09:41:01PM +0100, Love Hörnquist Åstrand
> >wrote:
> >>>
> >>>The only thing left to do is decide how to cope
> >>>with the krb5_mk_1cred() call...
> >>
> >>Just use result of krb5_fwd_tgt_creds() directly and slip the
> >>unwrap +
> >>wrap code ?
> >
> >Errr, ok. Can you explain that to me please ? I'm just making the
> >code compile and not leak memory, I need a refresher on the theory :-
> >(.
>
> fwd_tgt_creds give back a packed KRB-CRED (ie it runs mk_1crd for you).
>
> Your code unpacks it and repacks it again, so if you remove the 50
> lines that does nothing, your done.
Ok, I *officially* don't get what this code is trying to do then :-).
(Note it's not *my* code, this is Derrick's code that I'm trying
to get into the Samba3 "style" and make as portable as possible :-).
So what you're saying is that krb5_fwd_tgt_creds() does everything
needed to delegate, and just calling that is sufficient ?
Derrick, can you and Love sort this out please, and wake me
up to review/commit the code when you've agreed on what needs
to be done :-).
Thanks,
Jeremy.
More information about the samba-technical
mailing list