gss_krb5_import_cred fails for Samba
Luke Howard
lukeh at padl.com
Sat Jul 23 04:54:00 MDT 2011
On 23/07/2011, at 3:29 AM, Greg Hudson wrote:
> On Fri, 2011-07-22 at 20:14 -0400, Andrew Bartlett wrote:
>> This case is where the principal is specified, and the incoming GSSAPI
>> request has the same key and knvo, but a different server name?
>
> Contrary to what Luke says, I would expect this to work out of the box
> in krb5 1.9. If you look at the logic of
> krb5_rd_req_decrypt_tkt_part() in rd_req_dec.c, you'll see that if
> server != NULL, we look up server in the keytab and ignore
> req->ticket->server.
That is what I said (or intended to say). :-)
-- Luke
More information about the samba-technical
mailing list