Displaying 2 results from an estimated 2 matches for "mech_gssapi_krb5_userok".
2013 May 09
1
Crossrealm Kerberos problems
...pport when
using a kerberos ticket in the default realm.
However when I attempt to authenticate using cross realm authentication
the login fails (logs below).
After perusing the source code I beleive that the problem is as such:
All taking place in mech-gssapi.c
1. mech_gssapi_userok(...) calls mech_gssapi_krb5_userok
2. mech_gssapi_krb5_userok(...) calls krb5_kuserok(...) to verify that
the given Kerberos prinicpal can log in as the requested user.
3. The authentication process is running as the Dovecot user so:
3a. krb5_kuserok(...) looks for ~dovecot/.k5login to authorize cross
realm logins
3b. There is n...
2012 Mar 05
1
[PATCH] GSSAPI authorization and virtual users
...re now stored in struct
gssapi_auth_request, making the inbuf parameter to the
mech_gssapi_{sec_context,wrap,unwrap} functions superfluous. The
parameters should be removed.
5. The k5principals list won't be processed on Solaris. The code
added to the end of mech_gssapi_krb5_userok would have to be
moved to a separate function and then be called from the Solaris
code.
6. GCC tells me about assignment to incompatible pointer types in
the code that iterates through gssapi_k5principals. I must be
missing something.
The patch is licensed unde...