[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [michaels@inet.no: Re: gss_accept_sec_context() problem]
Johan Danielsson wrote,
> Michael Shuldman <michaels@inet.no> writes:
>
> > I can't see any requirement for input_token to be filled when
> > calling gss_accept_sec_context() and was expecting
> > GSS_S_CONTINUE_NEEDED.
>
> No, but I also can't see anything that says you can pass something
> that didn't come from the remote client. From RFC2744:
>
> input_token_buffer buffer, opaque, read token obtained from remote
> application.
>
> Why do you want to pass an empty token, and what do you think it
> should mean?
I don't have any other response to this than what I already said:
'The draft (cbind-09) says that GSS_S_CONTINUE_NEEDED "Indicates
that a token from the peer application is required to complete the
context ...". Isn't that the case here, "a token from the peer
application is required"?'
Anyway, I don't care to argue this. I've stated my interpretation
and if you disagree, fine, it's you who are implementing it and
I'll adapt to that.
I would be more interested to know why Heimdal aborts as per
my previous message.
--
_ //
\X/ -- Michael Shuldman <michaels@inet.no>