[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does this happen in the new mechglue too?

> The issue was that trying to acquire a credential
> could result in a redundant AS-REQ. It turned out to be
> lib/mechglue/g_acquire_cred.c:gss_acquire_cred was looping over all
> mechanisms. The problem was that with SPNEGO it did KRB5 twice, once
> for KRB5 mech and once through SPNEGO mech calling KRB5.
> I added a clause that checked for &mech->mech_type ==  
> to skip that mech (unless it was explicitly specified).
> Please consider this condition wrt the new mechglue code if necessary.

After a fast read though of the code it looks like this could still  
in the new mech-glue code.

This is the second issue with gssapi mech-glue layer hides too much
from SPNEGO. I need figure out the implications of this
(split or merged mech-glue/SPNEGO).