search for: gss_c_nt_hostbased_service

Displaying 3 results from an estimated 3 matches for "gss_c_nt_hostbased_service".

2007 May 24
2
[Bug 1318] New: There is no way to really cancel dns queries from the client
...NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: eyal.lotem at gmail.com The option "CheckHostIP no" cancels ssh's lookup, but the ssh clinet still calls gss_import_name with the parameter GSS_C_NT_HOSTBASED_SERVICE. This call creates a name lookup internally (via gss's call to krb5_sname_to_principal). This causes "ssh" to always attempt to backresolve IP addresses. It only gives up after about 10 seconds. This means that all ssh-based traffic (ssh, sftp, etc) requires a 10 second initiation ti...
2011 Aug 29
4
Kerberos GSSAPI - proper item name in keytab
...log_debug(request, "gssapi", "Obtaining credentials for %s", str_c(principal_name)); inbuf.length = str_len(principal_name); inbuf.value = str_c_modifiable(principal_name); major_status = gss_import_name(&minor_status, &inbuf, GSS_C_NT_HOSTBASED_SERVICE, &gss_principal); ********************************* So, according to source code, Dovecot tries to find in krb5.keytab a principal named "imap at hostname". However wiki says to create the principal named "imap/hostname at REALM". Please, clarify whe...
2003 Aug 10
9
updated gssapi diff
..., const char *host) +{ + gss_buffer_desc gssbuf; + + gssbuf.length = sizeof("host@") + strlen(host); + gssbuf.value = xmalloc(gssbuf.length); + snprintf(gssbuf.value, gssbuf.length, "host@%s", host); + + if ((ctx->major = gss_import_name(&ctx->minor, + &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) + ssh_gssapi_error(ctx); + + xfree(gssbuf.value); + return (ctx->major); +} + +/* Acquire credentials for a server running on the current host. + * Requires that the context structure contains a valid OID + */ + +/* Returns a GSSAPI error code */ +OM_uint32 +ssh_gssapi_acq...