Fixes for S3 DCE/RPC GSSAPI with Heimdal

Andrew Bartlett abartlet at
Sat Apr 16 03:58:37 MDT 2011


I've been working to test the Samba3 binaries produced by the top level
build, and this builds against Samba4's Heimdal at this time.

When you proposed your DCE/RPC GSSAPI patches, you asked that I check
them against Heimdal, and sadly I only got as far are compiling them,
not running them.

These patches makes the DCE/RPC GSSAPI server work with the newly added
ktest tests in Samba3's make test, when run from the top level build. 

Can you let me know if these changes are OK, or if you want some further

In particular I'm referring to:

s3-gse: Allow the GSSAPI wrapper to load a keytab using

s3-gse: Don't release the mech OID from gss_accept_security_context;a=commitdiff;h=e5eadad3bce2b1f57ffb01aa65b6880fd5fe20c4

s3-gse Use Heimdal gsskrb5_extract_authz_data_from_sec_context when

s3-gse Don't get the auth time when validating the PAC:;a=commitdiff;h=85350063468dca54aefc4cc905d13d4aaa81ddd0

I don't yet have the autoconf/waf tests for the new macros (allowing a
build against a system Heimdal), but I'll add those soon.  What I'm
after at the moment is your comment on the meat of these patches.   

I can also address the unused variables (in each arm of the #if/#else),
but didn't want the patches to be full of just noise at this stage of

The good news is that with these patches, we can successfully test
Samba3 from the top level build, and means we are but a short way away
from testing Samba3 in combination with Samba4 in the combined build. 


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list