
RE: trouble with forwarded tgt from windows client



I forgot to ask about this earlier...  So in the same setup (Windows
client obtains a forwardable TGT from Windows KDC and sends it to Heimdal),
when we call Heimdal's gss_accept_sec_context() to get the delegated
credential, it actually fails.  We tracked this down to krb5_rd_cred(),
where it's checking the timestamp, and both enc_krb_cred_part.timestamp
and enc_krb_cred_part.usec are NULL.  We commented out the check, and
gss_accept_sec_context() succeeds without any apparent bad side effect.
So any ideas on this?  Is there a way to turn off the
KRB5_AUTH_CONTEXT_DO_TIME flag?  Thanks!

Zi-Bin Yang
DECRU, INC