Fixes for S3 DCE/RPC GSSAPI with Heimdal

Andrew Bartlett abartlet at
Wed Apr 27 04:10:09 MDT 2011

On Wed, 2011-04-27 at 08:14 +0000, Love Hörnquist Åstrand wrote:
> 26 apr 2011 kl. 15:07 skrev "Andrew Bartlett" <abartlet at>:
> >> You still unconditionally remove gss_release_oid() when I asked you to
> >> ifdef it out for heimdal given it has problems, but MIT technically
> >> requires it.
> > 
> > Does anyone on the list know a sane way to detect this behaviour, or at
> > the very least if we have compiled against heimdal?  I can't key off
> > SAMBA4_INTERNAL_HEIMDAL because the same should, if I understand
> > correctly, happen against a system heimdal that Samba3 happens to be
> > compiled against. 
> > 
> > I do find this situation (and the lack of any clear documentation
> > describing the correct course of action) very frustrating.  Sadly my
> > frustrating isn't enough to cause this situation not to exist.  
> What gss function return an allocated oid ? I'm asking since gss-Release-oid is not part of the api.

MIT gss_init_sec_context and gss_accept_sec_context apparently.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list