Displaying 3 results from an estimated 3 matches for "gss_c_nt_hostbased_service".
2007 May 24
2
[Bug 1318] New: There is no way to really cancel dns queries from the client
...NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: eyal.lotem at gmail.com
The option "CheckHostIP no" cancels ssh's lookup, but the ssh clinet
still calls gss_import_name with the parameter
GSS_C_NT_HOSTBASED_SERVICE. This call creates a name lookup internally
(via gss's call to krb5_sname_to_principal).
This causes "ssh" to always attempt to backresolve IP addresses. It
only gives up after about 10 seconds. This means that all ssh-based
traffic (ssh, sftp, etc) requires a 10 second initiation ti...
2011 Aug 29
4
Kerberos GSSAPI - proper item name in keytab
...log_debug(request, "gssapi",
"Obtaining credentials for %s", str_c(principal_name));
inbuf.length = str_len(principal_name);
inbuf.value = str_c_modifiable(principal_name);
major_status = gss_import_name(&minor_status, &inbuf,
GSS_C_NT_HOSTBASED_SERVICE,
&gss_principal);
*********************************
So, according to source code, Dovecot tries to find in krb5.keytab a
principal named "imap at hostname". However wiki says to create the
principal named "imap/hostname at REALM".
Please, clarify whe...
2003 Aug 10
9
updated gssapi diff
..., const char *host)
+{
+ gss_buffer_desc gssbuf;
+
+ gssbuf.length = sizeof("host@") + strlen(host);
+ gssbuf.value = xmalloc(gssbuf.length);
+ snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
+
+ if ((ctx->major = gss_import_name(&ctx->minor,
+ &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
+ ssh_gssapi_error(ctx);
+
+ xfree(gssbuf.value);
+ return (ctx->major);
+}
+
+/* Acquire credentials for a server running on the current host.
+ * Requires that the context structure contains a valid OID
+ */
+
+/* Returns a GSSAPI error code */
+OM_uint32
+ssh_gssapi_acq...