On Thu, 8 Feb 2007 09:33:34 +1100
Love Hörnquist Åstrand [EMAIL PROTECTED] wrote:
6 feb 2007 kl. 15.14 skrev Michael B Allen:
On Mon, 5 Feb 2007 22:59:34 -0500
Michael B Allen [EMAIL PROTECTED] wrote:
If I simply remove the ccache = NULL line in
gsskrb5_accept_delegated_token the leak
Doesn't the ccache = NULL in gsskrb5_accept_delegated_token prevent
id
from being closed?
180 (*delegated_cred_handle)-cred_flags |=
GSS_CF_DESTROY_CRED_ON_RELEASE;
181 ccache = NULL;
^^
182 }
183
184 out:
185 if (ccache) {
186 if
Hello,
I am using heimdal 0.7.2 with Openldap 2.3.32 backend.
When I change passwords using MIT kpasswd from a RedHat 40 U4 server,
the password changes however I don't see through kadmin?
The password changed doesn't exist in in released heimdal, 0.8 will
have support for it. The kadmin
On Thu, 8 Feb 2007 10:39:45 +1100
Love Hörnquist Åstrand [EMAIL PROTECTED] wrote:
Doesn't the ccache = NULL in gsskrb5_accept_delegated_token prevent
id
from being closed?
180 (*delegated_cred_handle)-cred_flags |=
GSS_CF_DESTROY_CRED_ON_RELEASE;
181 ccache =
Mmm, somethings off. I just rsync'd and did a cvs co heimdal and the
latest log entry I have is:
revision 1.56
date: 2006/05/09 07:16:39; author: lha; state: Exp; lines: +3 -1
(gsskrb5_is_cfx): always set is_cfx. From Andrew Abartlet.
Has the procedure changed?
Nevermind. I found
Hi,
Trying to aquire a TGT without the necessary password, ccache or keytab
entry will result in an AS-REQ with an empty padata field. I'm not talking
about the initial requrest with *null* padata. This is a second request
with a padata SEQUENCE that is simply empty:
$ dumpasn1 /tmp/out.bin
Unfortunately I'm still using mechglue-branch at the moment. I have found
numerous bugs that I'm sure you don't care about anymore but there was
one issue that could conceivably exist in the new code.
The issue was that trying to acquire a credential
could result in a redundant AS-REQ. It turned
Consider a web application that authenticates clients using
gss_accept_sec_context, places the delegated credential into a file and
exports KRB5CCNAME. If the web application were to then call a library
function (e.g. ldap_sasl_bind_s) that also used Heimdals GSSAPI it may
fail to find the