Update: Kerberos Ticket Forwarding Patch/Update [3.2]

Love Hörnquist Åstrand lha at kth.se
Fri Aug 1 22:36:34 GMT 2008

> Yes, I remember running into the horrors that were MIT krb5 memory  
> leaks
> myself :-). No one knows how to use this API correctly :-).

Just read the man pages....

> Ok, here is a version that calls krb5_fwd_tgt_creds() directly.
> I also removed the krb5_auth_con_set_req_cksumtype() of type
> GSSAPI_CHECKSUM, as that's not defined in the
> krb5_auth_con_set_req_cksumtype() interface. Do we still need
> that, do the libraries use that checksum type by default
> or will the receiving code just use whatever checksum
> is defined in the packet ?

Removing krb5_auth_con_set_req_cksumtype() is bad.

You have to use the right checksum (0x8003) for gss-api, define it  
yourself, its part of the gss-api krb5 rfc's.


More information about the samba-technical mailing list