These patches have been reasonably tested (and cross-tested) on
Solaris 9 (SPARC) and MacOS 10.4 (both G4 and Intel) with the native
GSSAPI libraries. They implement the gss-np and (incompletely) the
gss authentication methods. Unlike the current krb5 method gssapi
has native support in J
These patches are updated as discussed to remove the incomplete
feature. Unfortunately I have a wedding to go to this weekend and
won't get them tested until next week. Will post when I've done so.
On Mar 31, 2007, at 3:41 PM, Henry B. Hotz wrote:
These patches have been reasona
I finally got to testing that updated patch. It's fine per-se, but
was missing the updated README.GSSAPI file. Herewith fixed.
gss.patch3.bz2
Description: Binary data
On May 12, 2007, at 9:53 AM, Henry B. Hotz wrote:
These patches are updated as discussed to remove the incom
n Jun 19, 2007, at 6:04 AM, Magnus Hagander wrote:
On Sun, May 20, 2007 at 01:28:40AM -0700, Henry B. Hotz wrote:
I finally got to testing that updated patch. It's fine per-se, but
was missing the updated README.GSSAPI file. Herewith fixed.
I've been reviewing and updating this pat
On Jun 22, 2007, at 9:56 AM, Magnus Hagander wrote:
Stephen Frost wrote:
* Magnus Hagander ([EMAIL PROTECTED]) wrote:
We enable the setting of the service name in the server
configuration
file, but we never use that variable anywhere. We do, however,
use the
service name on the client, in
On Jun 23, 2007, at 1:44 AM, Magnus Hagander wrote:
Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
On Jun 22, 2007, at 9:56 AM, Magnus Hagander wrote:
Most likely it's just checking the keytab to find a principal
with the
same name as the one presented from the c
On Jun 24, 2007, at 11:03 PM, Magnus Hagander wrote:
I'm told that the way Apple's equivalent to mod_auth_kerb works is it
uses GSS_C_NO_CREDENTIAL and then does a case-insensitive compare of
the resulting match to "HTTP". We could do the same thing, if you
think it's worth it.
Do you know i
egitimately) provide
kerberos tickets for AFS in scenarios where the KDC can't.
On Jun 24, 2007, at 10:10 PM, Henry B. Hotz wrote:
On Jun 23, 2007, at 1:44 AM, Magnus Hagander wrote:
Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
On Jun 22, 2007, at 9:56 AM, Magnus Ha
I'm not suggesting any change. Merely correcting a misstatement I
made earlier.
I believe the documentation already recommends best practice.
On Oct 10, 2007, at 10:53 AM, Magnus Hagander wrote:
Tom Lane wrote:
"Henry B. Hotz" <[EMAIL PROTECTED]> writes:
You know, I
Thank you very much. This helps, but I'm still evaluating how much.
I *can* point at one problem though: you do a strchr(gbuf.value,
'@') and then error out if there isn't a Kerberos realm there. In
fact that is exactly the default username of at least one of the
GSSAPI implementations I
On Nov 1, 2007, at 1:40 PM, Magnus Hagander wrote:
Henry B. Hotz wrote:
Thank you very much. This helps, but I'm still evaluating how much.
I *can* point at one problem though: you do a strchr(gbuf.value,
'@')
and then error out if there isn't a Kerberos realm there.
On Nov 1, 2007, at 6:33 AM, Tom Lane wrote:
Magnus Hagander <[EMAIL PROTECTED]> writes:
Tom Lane wrote:
Also the elog message texts need a bit of copy-editing.
Probably ;-) Got any specific hints, so I don't have to go through
the
iteration twice?
The one that caught my eye was
On Nov 2, 2007, at 8:38 AM, Magnus Hagander wrote:
Henry B. Hotz wrote:
On Nov 1, 2007, at 1:40 PM, Magnus Hagander wrote:
Henry B. Hotz wrote:
Thank you very much. This helps, but I'm still evaluating how
much.
I *can* point at one problem though: you do a strchr
(gbuf.
On Nov 6, 2007, at 6:27 AM, Magnus Hagander wrote:
On Fri, Nov 02, 2007 at 11:23:30AM -0700, Henry B. Hotz wrote:
I'm not entirely sure what the intended semantics of
krb_match_realm
are, but if you're trying to match the GSSAPI-authenticated name
against
"value_of(P
On Nov 9, 2007, at 5:24 AM, Magnus Hagander wrote:
On Tue, 2007-11-06 at 18:10 -0800, Henry B. Hotz wrote:
On Nov 6, 2007, at 6:27 AM, Magnus Hagander wrote:
On Fri, Nov 02, 2007 at 11:23:30AM -0700, Henry B. Hotz wrote:
I'm not entirely sure what the intended semantics of
krb_match_
15 matches
Mail list logo