Displaying 1 result from an estimated 1 matches for "gss_krb5_principal_nam".
Did you mean:
gss_krb5_principal_name
2009 Mar 03
2
GSSAPI cross-realm fixed
...GSSAPI authentication.
Changes it makes:
1. When using krb5_kuserok, do not call gss_compare_name to check that
authn_name and authz_name are the same. Instead, make TWO calls to
krb5_kuserok, one for each ID. If both IDs are acceptable, allow the
login.
2. Disable checking that the name is a GSS_KRB5_PRINCIPAL_NAME, as
this doesn't appear to be always the case for the authz_name.
If I create a .k5login listing both username at REALM1 and
username at REALM2, and make that file follow the appropriate security
restrictions (world read, user only write permissions), this lets me
use GSSAPI logins with princ...