[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gss_accept_sec_context() problem

[ two answers for the price of one :-) ]

Michael Shuldman <michaels@inet.no> writes:
> I can't see any requirement for input_token to be filled when calling
> gss_accept_sec_context() and was expecting GSS_S_CONTINUE_NEEDED.

I don't think it makes much sense to call gss_accept_sec_context with
an empty token.  What would it mean and why would you do it?

GSS_S_CONTINUE_NEEDED is used when authentication requires more steps,
to indicate that you should continue looping around
gss_accept_sec_context (and gss_init_sec_context).

I changed the code to return GSS_S_DEFECTIVE_TOKEN instead of crashing.

> I tried filling input_token with the token gotten on the clientside
> from gss_init_sec_context, a assert() in Heimdal then fails.  I
> guess I'm doing something wrong here?

Can also possible be us doing something wrong. :-)  Just send us the
assert that's failing and we will look at it.