gss_krb5_import_cred fails for Samba

Luke Howard lukeh at padl.com
Sat Jul 23 04:54:00 MDT 2011


On 23/07/2011, at 3:29 AM, Greg Hudson wrote:

> On Fri, 2011-07-22 at 20:14 -0400, Andrew Bartlett wrote:
>> This case is where the principal is specified, and the incoming GSSAPI
>> request has the same key and knvo, but a different server name?
> 
> Contrary to what Luke says, I would expect this to work out of the box
> in krb5 1.9.  If you look at the logic of
> krb5_rd_req_decrypt_tkt_part() in rd_req_dec.c, you'll see that if
> server != NULL, we look up server in the keytab and ignore
> req->ticket->server.


That is what I said (or intended to say). :-)

-- Luke


More information about the samba-technical mailing list