[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: trouble with forwarded tgt from windows client
I forgot to ask about this earlier.... So in the same setup (Windows
client obtains a forwardable TGT from Windows kdc and sends to Heimdal),
when we call Heimdal's gss_accept_sec_context() to get the delegated
credential, it actually fails. We track this down to krb5_rd_cred(),
where it's checking the timestamp, and both enc_krb_cred_part.timestamp
and enc_krb_cred_part.usec are NULL. We comment out the check, and
gss_accept_sec_context() succeeds without any apparent bad side effect.
So any ideas on this? Is there a way to turn off the
KRB5_AUTH_CONTEXT_DO_TIME flag? Thanks!