Displaying 3 results from an estimated 3 matches for "gss_c_no_channel_bindings".
2007 Feb 03
1
GSSAPI authentication behind HA servers
Hi all,
We have 2 mail servers sitting behind linux-HA machines.The mail
servers are currently running dovecot 1.0rc2.
Looking to enable GSSAPI authentication, I exported krb keytabs for
imap/node01.domain at REALM and imap/node02.domain at REALM for both mail
servers.
However, clients are connecting to mail.domain.com, which results in a
mismatch as far as the keytab is concerned (and rightly
2006 Feb 27
2
Bug in Kerberos support for openssh.
...ormed
Validation error
Couldn't convert client name
debug1: do_cleanup
I spent some time in the debugger, and found that essentially the
problem was that ssh is calling
ctx->major = gss_accept_sec_context(&ctx->minor,
&ctx->context, ctx->creds, recv_tok,
GSS_C_NO_CHANNEL_BINDINGS, &ctx->client, &mech,
send_tok, flags, NULL, &ctx->client_creds);
and saving off ctx->client for later use. Under the hood, ctx->client
is simply a gss_union_name_t.
Later on (not much further later), ssh calls
if ((ctx->major = gss_export_name(&ct...
2003 Aug 10
9
updated gssapi diff
...riviledged */
+OM_uint32
+ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
+ gss_buffer_desc *send_tok, OM_uint32 *flags)
+{
+ OM_uint32 status;
+ gss_OID mech;
+
+ ctx->major = gss_accept_sec_context(&ctx->minor,
+ &ctx->context, ctx->creds, recv_tok,
+ GSS_C_NO_CHANNEL_BINDINGS, &ctx->client, &mech,
+ send_tok, flags, NULL, &ctx->client_creds);
+
+ if (GSS_ERROR(ctx->major))
+ ssh_gssapi_error(ctx);
+
+ if (ctx->client_creds)
+ debug("Received some client credentials");
+ else
+ debug("Got no client credentials");
+
+ sta...