[cvsnt] Re: gserver_protocol_mit.dll missing in Windows CVSNT-2.0.56
Douglas E. Engert
deengert at anl.gov
Mon Sep 27 22:11:32 BST 2004
Tony Hoyle wrote:
> Douglas E. Engert wrote:
>
>> Almost. If the users and severs are in different realms, the MS
>> kerberos has troubles determining the realm of the server if the
>> server is in a non AD realm. There is a way around this, as the
>> MS InitializeSecurityContext can take service/host at realm
>> as the service principal name. The trick it to get this
>> passed in.
>
>
> I'm open to ideas - didn't know about that functionality actually. I
> could add a realm parameter to gserver.
>
Attached is a patch to added a realm= parameter to gserver, when
compiled with GSS_AD. If realm=<realm> is added a keyword to
gserver, it will pass in cvs@<host>@<realm> otherwise it
does what it does today, and passes in cvs@<host>
This appears to work as expected in our mixed AD and non AD Kerberos
realm environment.
Please consider for the next release.
This was also submitted as bug 0000099 today.
> Tony
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the cvsnt
mailing list