On Nov 9, 2007, at 5:24 AM, Magnus Hagander wrote:
On Tue, 2007-11-06 at 18:10 -0800, Henry B. Hotz wrote:
On Nov 6, 2007, at 6:27 AM, Magnus Hagander wrote:
On Fri, Nov 02, 2007 at 11:23:30AM -0700, Henry B. Hotz wrote:
I'm not entirely sure what the intended semantics of
krb_match_
On Nov 6, 2007, at 6:27 AM, Magnus Hagander wrote:
On Fri, Nov 02, 2007 at 11:23:30AM -0700, Henry B. Hotz wrote:
I'm not entirely sure what the intended semantics of
krb_match_realm
are, but if you're trying to match the GSSAPI-authenticated name
against
"value_of(P
On Nov 1, 2007, at 6:33 AM, Tom Lane wrote:
Magnus Hagander <[EMAIL PROTECTED]> writes:
Tom Lane wrote:
Also the elog message texts need a bit of copy-editing.
Probably ;-) Got any specific hints, so I don't have to go through
the
iteration twice?
The one that caught my eye was
On Nov 2, 2007, at 8:38 AM, Magnus Hagander wrote:
Henry B. Hotz wrote:
On Nov 1, 2007, at 1:40 PM, Magnus Hagander wrote:
Henry B. Hotz wrote:
Thank you very much. This helps, but I'm still evaluating how
much.
I *can* point at one problem though: you do a strchr
(gbuf.
On Nov 1, 2007, at 1:40 PM, Magnus Hagander wrote:
Henry B. Hotz wrote:
Thank you very much. This helps, but I'm still evaluating how much.
I *can* point at one problem though: you do a strchr(gbuf.value,
'@')
and then error out if there isn't a Kerberos realm there.
Thank you very much. This helps, but I'm still evaluating how much.
I *can* point at one problem though: you do a strchr(gbuf.value,
'@') and then error out if there isn't a Kerberos realm there. In
fact that is exactly the default username of at least one of the
GSSAPI implementations I
I'm not suggesting any change. Merely correcting a misstatement I
made earlier.
I believe the documentation already recommends best practice.
On Oct 10, 2007, at 10:53 AM, Magnus Hagander wrote:
Tom Lane wrote:
"Henry B. Hotz" <[EMAIL PROTECTED]> writes:
You know, I
egitimately) provide
kerberos tickets for AFS in scenarios where the KDC can't.
On Jun 24, 2007, at 10:10 PM, Henry B. Hotz wrote:
On Jun 23, 2007, at 1:44 AM, Magnus Hagander wrote:
Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
On Jun 22, 2007, at 9:56 AM, Magnus Ha
On Jun 24, 2007, at 11:03 PM, Magnus Hagander wrote:
I'm told that the way Apple's equivalent to mod_auth_kerb works is it
uses GSS_C_NO_CREDENTIAL and then does a case-insensitive compare of
the resulting match to "HTTP". We could do the same thing, if you
think it's worth it.
Do you know i
On Jun 23, 2007, at 1:44 AM, Magnus Hagander wrote:
Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
On Jun 22, 2007, at 9:56 AM, Magnus Hagander wrote:
Most likely it's just checking the keytab to find a principal
with the
same name as the one presented from the c
On Jun 22, 2007, at 9:56 AM, Magnus Hagander wrote:
Stephen Frost wrote:
* Magnus Hagander ([EMAIL PROTECTED]) wrote:
We enable the setting of the service name in the server
configuration
file, but we never use that variable anywhere. We do, however,
use the
service name on the client, in
n Jun 19, 2007, at 6:04 AM, Magnus Hagander wrote:
On Sun, May 20, 2007 at 01:28:40AM -0700, Henry B. Hotz wrote:
I finally got to testing that updated patch. It's fine per-se, but
was missing the updated README.GSSAPI file. Herewith fixed.
I've been reviewing and updating this pat
I finally got to testing that updated patch. It's fine per-se, but
was missing the updated README.GSSAPI file. Herewith fixed.
gss.patch3.bz2
Description: Binary data
On May 12, 2007, at 9:53 AM, Henry B. Hotz wrote:
These patches are updated as discussed to remove the incom
These patches are updated as discussed to remove the incomplete
feature. Unfortunately I have a wedding to go to this weekend and
won't get them tested until next week. Will post when I've done so.
On Mar 31, 2007, at 3:41 PM, Henry B. Hotz wrote:
These patches have been reasona
These patches have been reasonably tested (and cross-tested) on
Solaris 9 (SPARC) and MacOS 10.4 (both G4 and Intel) with the native
GSSAPI libraries. They implement the gss-np and (incompletely) the
gss authentication methods. Unlike the current krb5 method gssapi
has native support in J
15 matches
Mail list logo