search for: gss_krb5_principal_nam

Displaying 1 result from an estimated 1 matches for "gss_krb5_principal_nam".

2009 Mar 03
2
GSSAPI cross-realm fixed
...GSSAPI authentication. Changes it makes: 1. When using krb5_kuserok, do not call gss_compare_name to check that authn_name and authz_name are the same. Instead, make TWO calls to krb5_kuserok, one for each ID. If both IDs are acceptable, allow the login. 2. Disable checking that the name is a GSS_KRB5_PRINCIPAL_NAME, as this doesn't appear to be always the case for the authz_name. If I create a .k5login listing both username at REALM1 and username at REALM2, and make that file follow the appropriate security restrictions (world read, user only write permissions), this lets me use GSSAPI logins with princ...