Fixes for S3 DCE/RPC GSSAPI with Heimdal
abartlet at samba.org
Sat Apr 16 03:58:37 MDT 2011
I've been working to test the Samba3 binaries produced by the top level
build, and this builds against Samba4's Heimdal at this time.
When you proposed your DCE/RPC GSSAPI patches, you asked that I check
them against Heimdal, and sadly I only got as far are compiling them,
not running them.
These patches makes the DCE/RPC GSSAPI server work with the newly added
ktest tests in Samba3's make test, when run from the top level build.
Can you let me know if these changes are OK, or if you want some further
In particular I'm referring to:
s3-gse: Allow the GSSAPI wrapper to load a keytab using
s3-gse: Don't release the mech OID from gss_accept_security_context
s3-gse Use Heimdal gsskrb5_extract_authz_data_from_sec_context when
s3-gse Don't get the auth time when validating the PAC:
I don't yet have the autoconf/waf tests for the new macros (allowing a
build against a system Heimdal), but I'll add those soon. What I'm
after at the moment is your comment on the meat of these patches.
I can also address the unused variables (in each arm of the #if/#else),
but didn't want the patches to be full of just noise at this stage of
The good news is that with these patches, we can successfully test
Samba3 from the top level build, and means we are but a short way away
from testing Samba3 in combination with Samba4 in the combined build.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical