Fixes for S3 DCE/RPC GSSAPI with Heimdal

Luke Howard lukeh at
Fri Apr 22 07:31:51 MDT 2011

> BTW: gss_wrap_iov() doesn't work with all encryption types in heimdal.

Yes, good point. MIT supports all enctypes.

BTW, does this mean that Samba 3 now can use GSS-API out of the box? I'd like to test it with GSS EAP. What happens if the authorisation data isn't available -- will it fallback to winbindd or something? (It's possible to tunnel authorisation data via GSS EAP but for a proof of concept I'd like to avoid it.)

Of course, I'm happy to use either Samba 3 or 4; I just haven't looked at either trees for a few years now.

-- Luke

More information about the samba-technical mailing list