Update: Kerberos Ticket Forwarding Patch/Update [3.2]
Jeremy Allison
jra at samba.org
Fri Aug 1 23:53:31 GMT 2008
On Fri, Aug 01, 2008 at 11:36:34PM +0100, Love Hörnquist Åstrand wrote:
> >
> >Yes, I remember running into the horrors that were MIT krb5 memory
> >leaks
> >myself :-). No one knows how to use this API correctly :-).
>
> Just read the man pages....
No one ever does Love, no one ever does :-).
> >Ok, here is a version that calls krb5_fwd_tgt_creds() directly.
> >I also removed the krb5_auth_con_set_req_cksumtype() of type
> >GSSAPI_CHECKSUM, as that's not defined in the
> >krb5_auth_con_set_req_cksumtype() interface. Do we still need
> >that, do the libraries use that checksum type by default
> >or will the receiving code just use whatever checksum
> >is defined in the packet ?
>
> Removing krb5_auth_con_set_req_cksumtype() is bad.
>
> You have to use the right checksum (0x8003) for gss-api, define it
> yourself, its part of the gss-api krb5 rfc's.
Ok, I'll re-enable it :-). Does it need to be done
before the krb5_fwd_tgt_creds() call or after, or
doesn't it matter as long as it's done before
krb5_mk_req_extended() ?
Thanks,
Jeremy.
More information about the samba-technical
mailing list