[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Does this happen in the new mechglue too?
> The issue was that trying to acquire a credential
> could result in a redundant AS-REQ. It turned out to be
> lib/mechglue/g_acquire_cred.c:gss_acquire_cred was looping over all
> mechanisms. The problem was that with SPNEGO it did KRB5 twice, once
> for KRB5 mech and once through SPNEGO mech calling KRB5.
> I added a clause that checked for &mech->mech_type ==
> to skip that mech (unless it was explicitly specified).
> Please consider this condition wrt the new mechglue code if necessary.
After a fast read though of the code it looks like this could still
in the new mech-glue code.
This is the second issue with gssapi mech-glue layer hides too much
from SPNEGO. I need figure out the implications of this
(split or merged mech-glue/SPNEGO).