KDC canon test and GSSAPI
asn at samba.org
Wed Jul 6 14:54:49 UTC 2016
I've wondered why we are using gensec_krb5 and not gensec_gssapi in the KDC
canon tests. I didn't see a reason in the code why we need gensec_krb5 so I
just replaced it with gensec_gssapi and it works.
Just the test which compares enterprise principals fails, but that test is
wrong. Enterprise principals are used in AS-REQs and are canonicalized. On the
server when they got processed and we call gss_accept_sec_context() it doesn't
matter anymore. We can't expect that the principal comes out unmodified here.
So we I think we should compare it unescaped to get rid of gensec_krb5.
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1524 bytes
Desc: not available
More information about the samba-technical