So it turns out our GSSUP token encoder set the username to
[EMAIL PROTECTED] and the GSSUP token decoder did not lop off the
@domain part, so Geronimo could not talk to itself using GSSUP.
I changed the token encoder to just pass the username straight through
-- there is a separate field in the token that holds the domain, after
all, so mangling the username did not seem to make much sense.
Just want to make a note of this in case someone thinks it should be
changed the other way (that is, the GSSUP token encoder should send
[EMAIL PROTECTED] and the GSSUP token decoder should lop off and ignore
the @domain part, or compare the @domain to the domain that is sent in
the other field).
Thanks,
Aaron
P.S. Actually the GSSUP token encoder set the username to
[EMAIL PROTECTED] due to an additional bug in the dynamic GSSUP
configuration, so I gather no one's actually used this code before.
:)
