[28100] in Kerberos
Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand
daemon@ATHENA.MIT.EDU (Achim Grolms)
Wed Jul 25 15:05:24 2007
From: Achim Grolms <kerberosml@grolmsnet.de>
To: mikkel@linet.dk
Date: Wed, 25 Jul 2007 20:56:25 +0200
In-Reply-To: <1185357303.3008.5.camel@tux.lib.cbs.dk>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200707252056.26671.kerberosml@grolmsnet.de>
Cc: modauthkerb-help@lists.sourceforge.net, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wednesday 25 July 2007 11:55, Mikkel Kruse Johnsen wrote:
> Compiled the mod_auth_kerb with the attched
The modification does a check if GSS_C_DELEG_FLAG
is present.
>From my point of view (a paranoid point of view)
an additional check has to follow:
before the code does the call to store_gss_creds()
The code should check if
delegated_cred != GSS_C_NO_CREDENTIAL
and report this state to logfile and only in case of
delegated_cred != GSS_C_NO_CREDENTIAL
do the call of store_gss_creds()
Can you give that a try?
Achim
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos