search for: minor_status

...ch causes the call to fail. Could have caused it to crash, I suppose - that would have been a much clearer indication of what the trouble was. I did manage to hack the thing to work - I first hacked libgssapi.so to include a new function: OM_uint32 KRB5_CALLCONV gss_hack_ssh_to_fix_stupid_bug(minor_status, input_name, output_name) OM_uint32 * minor_status; gss_name_t input_name; gss_name_t * output_name; { gss_union_name_t union_name; union_name = (gss_union_name_t) input_name; *...

...pport and the authentication would consistently die for me. The following patch fixes: --- src/auth/mech-gssapi.c.orig 2006-01-10 15:46:10.000000000 +1300 +++ src/auth/mech-gssapi.c @@ -138,7 +138,7 @@ static OM_uint32 obtain_service_credenti return major_status; } - gss_release_name(&minor_status, gss_principal); + gss_release_name(&minor_status, &gss_principal); return major_status; } as gss_release_name takes a pointer to a gss_name_t as second arg. cheers mark

...ovecot auth process SIGSEGV's and dies at login time (I think). Here's the backtrace: (gdb) bt full #0 0xfef25e1a in gss_release_name () from /usr/lib/libgss.so.1 No symbol table info available. #1 0x08064ccf in mech_gssapi_auth_free (request=0xfef3c000) at mech-gssapi.c:394 minor_status = 0 #2 0x08060551 in auth_request_handler_flush_failures () at auth-request-handler.c:493 auth_request = (struct auth_request **) 0x8047b5c i = 1 size = 1 __PRETTY_FUNCTION__ = "auth_request_handler_flush_failures" #3 0x0806f54a in io_loop_handle_time...

I cooked this up while trying to figure out why thunderbird on Windows w/ SSPI was not working, but it turned out thunderbird does not use it, so I haven't been able to test it yet. I'm presenting it for discussion only, unless someone else can try it :) Modern versions of MIT kerberos support GSS-SPNEGO natively, but are only willing to negotiate for kerberos tickets and not NTLM

...---------------------------------------------------------------- --- src/auth/mech-gssapi.c.orig 2006-03-01 14:21:40.000000000 -0500 +++ src/auth/mech-gssapi.c 2006-03-01 14:18:58.000000000 -0500 @@ -138,7 +138,7 @@ return major_status; } - gss_release_name(&minor_status, gss_principal); + gss_release_name(&minor_status, &gss_principal); return major_status; }

...b.c(1416): Client didn't delegate us their credential [auth_kerb:debug] src/mod_auth_kerb.c(1444): Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. [auth_kerb:debug] src/mod_auth_kerb.c(1116): GSS-API major_status:00010000, minor_status:00000000 [auth_kerb:error] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error) [headers:debug] mod_headers.c(900): AH01503: headers: ap_headers_error_filter() [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all granted: grante...

Hi all, We have 2 mail servers sitting behind linux-HA machines.The mail servers are currently running dovecot 1.0rc2. Looking to enable GSSAPI authentication, I exported krb keytabs for imap/node01.domain at REALM and imap/node02.domain at REALM for both mail servers. However, clients are connecting to mail.domain.com, which results in a mismatch as far as the keytab is concerned (and rightly

...->set->gssapi_hostname); auth_request_log_debug(request, "gssapi", "Obtaining credentials for %s", str_c(principal_name)); inbuf.length = str_len(principal_name); inbuf.value = str_c_modifiable(principal_name); major_status = gss_import_name(&minor_status, &inbuf, GSS_C_NT_HOSTBASED_SERVICE, &gss_principal); ********************************* So, according to source code, Dovecot tries to find in krb5.keytab a principal named "imap at hostname". However wiki says to create the principal...

...data(ctx, oid->elements, oid->length); +} + +/* All this effort to report an error ... */ +void +ssh_gssapi_error(Gssctxt *ctxt) +{ + debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL)); +} + +char * +ssh_gssapi_last_error(Gssctxt *ctxt, + OM_uint32 *major_status, OM_uint32 *minor_status) +{ + OM_uint32 lmin; + gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; + OM_uint32 ctx; + Buffer b; + char *ret; + + buffer_init(&b); + + if (major_status != NULL) + *major_status = ctxt->major; + if (minor_status != NULL) + *minor_status = ctxt->minor; + + ctx = 0; + /* The GSSAPI error */...

Hi All, can anyone make any sense of the error below, please advise if I need to log this as a bug but I'm not sure how to further diagnose what is happening. This is from my winbindd log file, thanks Andy. [2003/11/07 17:47:59, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 [2003/11/07 17:48:00, 1]