Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Douglas E. Engert wrote:
> Almost. If the users and severs are in different realms, the MS
> kerberos has troubles determining the realm of the server if the
> server is in a non AD realm. There is a way around this, as the
> MS InitializeSecurityContext can take service/host at realm
> as the service principal name. The trick it to get this
> passed in.
I'm open to ideas - didn't know about that functionality actually. I
could add a realm parameter to gserver.
> Sorry about that. Maybe there is a way around this, as the gssapi
> is an IETF standard, and you really don't need the krb5 libs
> to build the DLL, if you use something like
> gssapi_handle = LoadLibrary("gssapi32.dll"); all you need is
> a gssapi stub.
You need krb5 to get the username from the gssapi connection
(krb5_parse_name / krb5_aname_to_username).
The standard MIT win32 build (at least the one I downloaded last time)
forgets to export krb5_aname_to_username and I have to add it & rebuild
manually, which is a pain. Might be fixed now but it meant I had to
ship compiled DLLs as the standard ones wouldn't work.
Tony