[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 , 0.8.1 and 1.0.1




10 nov 2007 kl. 08.54 skrev Markus Moeller:

>
> When I use in case 4) instead of GSS_C_NO_NAME  HTTP/fqdn I get the
> following error:
>
> [Sat Nov 10 16:37:54 2007] [error] [client 192.168.1.10] mod_spnego:
> gss_accept_sec_context failed; GSS-API:  Miscellaneous failure (see  
> text))
> [Sat Nov 10 16:37:54 2007] [error] [client 192.168.1.10] mod_spnego:
> gss_accept_sec_context failed; GSS-API mechanism: Decrypt integrity  
> check
> failedxt))
>
> It seems gss_acquire_creds needs a desired name != GSS_C_NO_NAME  to  
> accept
> kerberos 5 as a mechanism.
> e.g. In acquire_acceptor_cred

This seems to be the case. I never expected that people would use  
gss_acquire_cred()
without name. The gss_acccept_sec_context() supports that, so I guess  
this should be fixed.

Love