Update: Kerberos Ticket Forwarding Patch/Update [3.2]
Love Hörnquist Åstrand
lha at kth.se
Fri Aug 1 22:36:34 GMT 2008
>
> Yes, I remember running into the horrors that were MIT krb5 memory
> leaks
> myself :-). No one knows how to use this API correctly :-).
Just read the man pages....
> Ok, here is a version that calls krb5_fwd_tgt_creds() directly.
> I also removed the krb5_auth_con_set_req_cksumtype() of type
> GSSAPI_CHECKSUM, as that's not defined in the
> krb5_auth_con_set_req_cksumtype() interface. Do we still need
> that, do the libraries use that checksum type by default
> or will the receiving code just use whatever checksum
> is defined in the packet ?
Removing krb5_auth_con_set_req_cksumtype() is bad.
You have to use the right checksum (0x8003) for gss-api, define it
yourself, its part of the gss-api krb5 rfc's.
Love
More information about the samba-technical
mailing list