Kerberos Ticket Forwarding Patch/Update (3.2)

[Jeremy Allison]

On Wed, Jul 30, 2008 at 11:32:50PM -0400, Derrick Schommer wrote:

> I'm looking into the gss API, honestly, I've never used them before so there
> is a bit of a learning curve, there seems to be no great documentation to
> build a gss security context with a GSS Checksum. I think I get the
> "theory," I'm just struggling on time to build it, as I'm currently wearing
> "many hats" here and trying to get this through along with other internal
> work. Currently, I'm reading the header files and the samba sources to see
> if I can build a GSS API checksum in the context rather than my silly gss
> checksum structure.

I usually start by digging into the MIT krb5 sources for their
latest release. It's not so bad to figure things out from there
once you're used to messing with it.

> If you've got any GSS-API guru's that can tell me how to (or show me how to)
> take my silly GSS checksum "hack" and build it into the real gss API I'd
> love to learn. I'm going to try my hand at it this week, I hope, before I
> give in and just little-endian byte order my field values and say it
> works...

If that's what you have to do to make it work, then I'd go that route :-).

> I've not worked with the code I wrote in this patch (or kerberos) for about
> three years, so I'm a bit out of practice. I'm a stickler for doing it
> right, so I really want to strive to make it perfect. If that means
> submitting something that works today and cleaning it up in a future
> release, I'd rather do that than give you guys something you think isn't on
> par with a samba code drop.

That works for me :-).

Thanks !

Jeremy.