Fixes for S3 DCE/RPC GSSAPI with Heimdal

Love Hörnquist Åstrand lha at
Wed Apr 27 08:28:54 MDT 2011

27 apr 2011 kl. 03:10 skrev "Andrew Bartlett" <abartlet at>:

>>>> You still unconditionally remove gss_release_oid() when I asked you to
>>>> ifdef it out for heimdal given it has problems, but MIT technically
>>>> requires it.
>>> Does anyone on the list know a sane way to detect this behaviour, or at
>>> the very least if we have compiled against heimdal?  I can't key off
>>> SAMBA4_INTERNAL_HEIMDAL because the same should, if I understandrele
>>> correctly, happen against a system heimdal that Samba3 happens to be
>>> compiled against. 
>>> I do find this situation (and the lack of any clear documentation
>>> describing the correct course of action) very frustrating.  Sadly my
>>> frustrating isn't enough to cause this situation not to exist.  
>> What gss function return an allocated oid ? I'm asking since gss-Release-oid is not part of the api.
> MIT gss_init_sec_context and gss_accept_sec_context apparently.

ISC and ASC dont require use of gss_release_oid if conforming to the standard. MIT conforms for their base mechs.


More information about the samba-technical mailing list