Update: Kerberos Ticket Forwarding Patch/Update [3.2]

Derrick Schommer dschommer at F5.com
Fri Aug 1 21:07:51 GMT 2008

I'm currently trying to use the response from fwd_tgt_creds, to see if I can feed it into the call, right now I just get segmentation faults :)


-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org] 
Sent: Friday, August 01, 2008 17:07
To: Love Hörnquist Åstrand
Cc: Jeremy Allison; samba-technical at lists.samba.org; Derrick Schommer
Subject: Re: Update: Kerberos Ticket Forwarding Patch/Update [3.2]

On Fri, Aug 01, 2008 at 09:58:12PM +0100, Love Hörnquist Åstrand wrote:
> 1 aug 2008 kl. 21.49 skrev Jeremy Allison:
> >On Fri, Aug 01, 2008 at 09:41:01PM +0100, Love Hörnquist Åstrand  
> >wrote:
> >>>
> >>>The only thing left to do is decide how to cope
> >>>with the krb5_mk_1cred() call...
> >>
> >>Just use result of krb5_fwd_tgt_creds() directly and slip the  
> >>unwrap +
> >>wrap code ?
> >
> >Errr, ok. Can you explain that to me please ? I'm just making the
> >code compile and not leak memory, I need a refresher on the theory :- 
> >(.
> fwd_tgt_creds give back a packed KRB-CRED (ie it runs mk_1crd for you).
> Your code unpacks it and repacks it again, so if you remove the 50  
> lines that does nothing, your done.

Ok, I *officially* don't get what this code is trying to do then :-).

(Note it's not *my* code, this is Derrick's code that I'm trying
to get into the Samba3 "style" and make as portable as possible :-).

So what you're saying is that krb5_fwd_tgt_creds() does everything
needed to delegate, and just calling that is sufficient ?

Derrick, can you and Love sort this out please, and wake me
up to review/commit the code when you've agreed on what needs
to be done :-).



More information about the samba-technical mailing list