Greg, the patch that you gave us fixed the issue. Thanks for the prompt debugging and a quick patch.
Prakash On Mon, Feb 3, 2014 at 6:53 PM, Prakash Narayanaswamy <prak...@nutanix.com>wrote: > Thanks a lot, Greg. We'll take the patch, apply it, test it and get back > to you. Thanks again. > > Prakash > > Prakash N | 408 771 4273 > > > > On Mon, Feb 3, 2014 at 6:31 PM, Greg Hudson <ghud...@mit.edu> wrote: > >> On 02/03/2014 02:26 PM, Prakash Narayanaswamy wrote: >> > Hello, We are trying to get a service (a SMB server) running on Linux >> > kerberized using the GSS API. During the negotiation (SPNEGO), the >> Windows >> > SMB client specifies MS KRB5 (1.2.840.48018.1.2.2) as the preferred >> > mechanism and supplies the initial token. The gss_accept_sec_context >> method >> > on the server accepts the token and generates a *NegTokenResp*, setting >> the >> > *negState* to *"accept-completed"* and *supportedMech* to *KRB5 >> > (1.2.840.113554.1.2.2)* among other things. >> [...] >> > The question now is this: Is there a better way of doing this? Are we >> > missing something here? >> >> Nope, it's just a bug. I apparently introduced it in 1.10 when fixing >> another issue. Thanks for investing it in enough detail to make it easy >> to find the mistake. >> >> Here is a candidate fix, which should make its way into master and 1.12.2: >> >> https://github.com/greghudson/krb5/commits/spnegofix >> >> Here is the bug-tracker entry I filed: >> >> http://krbdev.mit.edu/rt/Ticket/Display.html?id=7858 >> > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
