On Fri, Sep 12, 2008 at 03:48:16PM -0700, Henry B. Hotz wrote: > IIRC (on S9 anyway) the GSSAPI display name does not include the realm > if it's the same as the Kerberos default realm. Is there a way to get > the default realm with GSSAPI; without going direct to the MIT Kerb 5 > API?
The GSS_C_NT_HOSTBASED_SERVICE generic syntax has no notion of realm. The Kerberos V mechanism on Solaris always displays MNs as Kerberos V principal names, complete with realm name, except that in some cases I think you might get the "null realm name." (If you look at krb5_gss_display_name(), in $SRC/lib/gss_mechs/mech_krb5/mech/disp_name.c, you'll see that it just calls krb5_unparse_name() to display the name, it does nothing special for the GSS-API such as removing the realm name when it's a default realm name.) Nico --
