projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd7d6b0) | patch
Do mech fallback for first SPNEGO context token
authorGreg Hudson <ghudson@mit.edu>
Fri, 16 Dec 2011 23:19:01 +0000 (23:19 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 16 Dec 2011 23:19:01 +0000 (23:19 +0000)
commite946963e0f8488a8d47c527cca31d4666c32e063
tree311fe11a247ddfd6ce677c75d72345a8836e22bbtree | snapshot
parentcd7d6b08aebaee50a25a8eb519588abbca633d72commit | diff
Do mech fallback for first SPNEGO context token

When producing the first SPNEGO security context token, if the first
mechanism's init_sec_context fails, fall back to a later mechanism.

This fixes a regression in 1.10 for SPNEGO initiators using non-krb5
credentials.  The identity selection work causes errors to be deferred
from krb5's acquire_cred in some cases, which means SPNEGO doesn't see
an error until it tries the krb5 init_sec_context.

ticket: 6936
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25591 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/gssapi/spnego/spnego_mech.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.