On Tue, 07 Jul 2009 20:27:57 -0400
Timo Sirainen wrote:
> On Tue, 2009-03-03 at 13:56 -0500, Bryan Jacobs wrote:
> > Attached is a patch which in my environment (Linux/Heimdal 1.2.1)
> > fixes cross-realm GSSAPI authentication.
> >
> > Changes it makes:
> > 1. When using krb5_kuserok, do not ca
On Tue, 2009-03-03 at 13:56 -0500, Bryan Jacobs wrote:
> Attached is a patch which in my environment (Linux/Heimdal 1.2.1) fixes
> cross-realm GSSAPI authentication.
>
> Changes it makes:
> 1. When using krb5_kuserok, do not call gss_compare_name to check that
> authn_name and authz_name are the
On Tue, 2009-03-03 at 13:56 -0500, Bryan Jacobs wrote:
> Changes it makes:
> 1. When using krb5_kuserok, do not call gss_compare_name to check that
> authn_name and authz_name are the same. Instead, make TWO calls to
> krb5_kuserok, one for each ID. If both IDs are acceptable, allow the
> login
Attached is a patch which in my environment (Linux/Heimdal 1.2.1) fixes
cross-realm GSSAPI authentication.
Changes it makes:
1. When using krb5_kuserok, do not call gss_compare_name to check that
authn_name and authz_name are the same. Instead, make TWO calls to
krb5_kuserok, one for each ID. I
