Update: Kerberos Ticket Forwarding Patch/Update [3.2]

Jeremy Allison jra at samba.org
Fri Aug 1 23:53:31 GMT 2008

On Fri, Aug 01, 2008 at 11:36:34PM +0100, Love Hörnquist Åstrand wrote:
> >
> >Yes, I remember running into the horrors that were MIT krb5 memory  
> >leaks
> >myself :-). No one knows how to use this API correctly :-).
> Just read the man pages....

No one ever does Love, no one ever does :-).

> >Ok, here is a version that calls krb5_fwd_tgt_creds() directly.
> >I also removed the krb5_auth_con_set_req_cksumtype() of type
> >GSSAPI_CHECKSUM, as that's not defined in the
> >krb5_auth_con_set_req_cksumtype() interface. Do we still need
> >that, do the libraries use that checksum type by default
> >or will the receiving code just use whatever checksum
> >is defined in the packet ?
> Removing krb5_auth_con_set_req_cksumtype() is bad.
> You have to use the right checksum (0x8003) for gss-api, define it  
> yourself, its part of the gss-api krb5 rfc's.

Ok, I'll re-enable it :-). Does it need to be done
before the krb5_fwd_tgt_creds() call or after, or
doesn't it matter as long as it's done before 
krb5_mk_req_extended() ?



More information about the samba-technical mailing list