[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: trouble with forwarded tgt from windows client

I forgot to ask about this earlier....  So in the same setup (Windows
client obtains a forwardable TGT from Windows kdc and sends to Heimdal),
when we call Heimdal's gss_accept_sec_context() to get the delegated
credential, it actually fails.  We track this down to krb5_rd_cred(),
where it's checking the timestamp, and both enc_krb_cred_part.timestamp
and enc_krb_cred_part.usec are NULL.  We comment out the check, and
gss_accept_sec_context() succeeds without any apparent bad side effect.
So any ideas on this?  Is there a way to turn off the

Zi-Bin Yang