search for: major_status

Hi, Was trying to use the gssapi support and the authentication would consistently die for me. The following patch fixes: --- src/auth/mech-gssapi.c.orig 2006-01-10 15:46:10.000000000 +1300 +++ src/auth/mech-gssapi.c @@ -138,7 +138,7 @@ static OM_uint32 obtain_service_credenti return major_status; } - gss_release_name(&minor_status, gss_principal); + gss_release_name(&minor_status, &gss_principal); return major_status; } as gss_release_name takes a pointer to a gss_name_t as second arg. cheers mark

I cooked this up while trying to figure out why thunderbird on Windows w/ SSPI was not working, but it turned out thunderbird does not use it, so I haven't been able to test it yet. I'm presenting it for discussion only, unless someone else can try it :) Modern versions of MIT kerberos support GSS-SPNEGO natively, but are only willing to negotiate for kerberos tickets and not NTLM

...http://www.cise.ufl.edu/~jfh | ---------------------------------------------------------------------- --- src/auth/mech-gssapi.c.orig 2006-03-01 14:21:40.000000000 -0500 +++ src/auth/mech-gssapi.c 2006-03-01 14:18:58.000000000 -0500 @@ -138,7 +138,7 @@ return major_status; } - gss_release_name(&minor_status, gss_principal); + gss_release_name(&minor_status, &gss_principal); return major_status; }

...debug] src/mod_auth_kerb.c(1416): Client didn't delegate us their credential [auth_kerb:debug] src/mod_auth_kerb.c(1444): Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. [auth_kerb:debug] src/mod_auth_kerb.c(1116): GSS-API major_status:00010000, minor_status:00000000 [auth_kerb:error] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error) [headers:debug] mod_headers.c(900): AH01503: headers: ap_headers_error_filter() [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Requ...

Hi all, We have 2 mail servers sitting behind linux-HA machines.The mail servers are currently running dovecot 1.0rc2. Looking to enable GSSAPI authentication, I exported krb keytabs for imap/node01.domain at REALM and imap/node02.domain at REALM for both mail servers. However, clients are connecting to mail.domain.com, which results in a mismatch as far as the keytab is concerned (and rightly

...str_append(principal_name, request->set->gssapi_hostname); auth_request_log_debug(request, "gssapi", "Obtaining credentials for %s", str_c(principal_name)); inbuf.length = str_len(principal_name); inbuf.value = str_c_modifiable(principal_name); major_status = gss_import_name(&minor_status, &inbuf, GSS_C_NT_HOSTBASED_SERVICE, &gss_principal); ********************************* So, according to source code, Dovecot tries to find in krb5.keytab a principal named "imap at hostname". Howev...

...+{ + ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length); +} + +/* All this effort to report an error ... */ +void +ssh_gssapi_error(Gssctxt *ctxt) +{ + debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL)); +} + +char * +ssh_gssapi_last_error(Gssctxt *ctxt, + OM_uint32 *major_status, OM_uint32 *minor_status) +{ + OM_uint32 lmin; + gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; + OM_uint32 ctx; + Buffer b; + char *ret; + + buffer_init(&b); + + if (major_status != NULL) + *major_status = ctxt->major; + if (minor_status != NULL) + *minor_status = ctxt->minor; + + ctx = 0;...