Displaying 5 results from an estimated 5 matches for "gss_compare_name".
2009 Mar 03
2
GSSAPI cross-realm fixed
Attached is a patch which in my environment (Linux/Heimdal 1.2.1) fixes
cross-realm GSSAPI authentication.
Changes it makes:
1. When using krb5_kuserok, do not call gss_compare_name to check that
authn_name and authz_name are the same. Instead, make TWO calls to
krb5_kuserok, one for each ID. If both IDs are acceptable, allow the
login.
2. Disable checking that the name is a GSS_KRB5_PRINCIPAL_NAME, as
this doesn't appear to be always the case for the authz_name.
If I...
2009 Mar 03
0
GSSAPI cross-realm still broken
...e been trying to track down some problems with Dovecot in a Kerberos
5 cross-realm environment, and there seem to be a few issues.
LOGIN/PLAIN work fine using pam_krb5, but GSSAPI is a bit harder to
handle.
On line 436 of src/auth/mech-gssapi.c, the authn_name and the
authz_name are compared using gss_compare_name. This dates back to the
message at:
http://dovecot.org/pipermail/dovecot/2005-October/009615.html
While everything within that message is true, as things stand, Dovecot
is unusable in a cross-realm environment. When cross-realm tickets are
used, the authn_name is "username at REALM" an...
2007 Oct 10
0
GSSAPI Cross-Realm Patch
...n, I used
the krb5_userok() function. So if you're using a mechanism other than
krb5 this won't work. But it's the same thing that OpenSSH and the apps
distributed with heimdal do, so it seemed relatively safe.
I also choose to append the krb5_userok() check rather than replace the
gss_compare_name() check -- that way same-realm auth works for non-krb5
mechanisms, and my new code doesn't get called unless the same-realm
check fails. If you don't care about other mechanisms it would be faster
to bypass the gss_compare_name() check entirely.
If this is something you'd like to ma...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2010 May 02
2
samba4 make error - drsblobs.so
..._context_token.c
Compiling heimdal/lib/gssapi/mech/gss_buffer_set.c
Compiling heimdal/lib/gssapi/mech/gss_aeap.c
Compiling heimdal/lib/gssapi/mech/gss_add_cred.c
Compiling heimdal/lib/gssapi/mech/gss_cred.c
Compiling heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
Compiling heimdal/lib/gssapi/mech/gss_compare_name.c
Compiling heimdal/lib/gssapi/mech/gss_release_oid_set.c
Compiling heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c
Compiling heimdal/lib/gssapi/mech/gss_decapsulate_token.c
Compiling heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
Compiling heimdal/lib/gssapi/mech/gss_canonicalize_name.c
Comp...