Re: GSSAPI plugin and kerberos auth-to-local rules

Henry B. Hotz wrote:

On Oct 7, 2009, at 4:40 PM, Carson Gaspar wrote:

What worries me is that the native realm _is_ stripped. It shouldn't be. I'm not
sure why gssapi_server_mech_step() does so.

Because most programs are only set up to handle simple usernames.

I thought it was only the Solaris implementation that did that (and only if the realm == the default realm in [libdefaults]). I gather you're seeing that elsewhere?

RTFS ;-)

It's potentially done on all platforms. And it's done IFF:

gss_import_name(x, "foo", defined(GSS_C_NT_USER_NAME) ? GSS_C_NT_USER_NAME : GSS_C_NULL_OID, &result)
if ("foo@xxxxxxx" == result) { user = "foo" }

If you're using MIT krb5's libgssapi, yes that relates to the default realm. Other GSSAPI implementations likely behave differently.

--
Carson
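
Added example (not part of the original message, and not Cyrus SASL's code): a self-contained C model of the check described above, where the realm is dropped only if re-importing the bare user name gives back the authenticated principal. The function names, buffer sizes and realm names are constructed, and the import is modelled as appending the default realm, which assumes the MIT krb5 behaviour the message refers to; no GSSAPI calls are made.

```c
#include <stdio.h>
#include <string.h>

/* Model (assumption): importing a bare user name yields user@<default realm>,
 * standing in for gss_import_name() on a name with no realm. */
static int import_bare_name(const char *user, const char *default_realm,
                            char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s@%s", user, default_realm);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Derive the user name handed to the application. The realm is dropped only
 * when re-importing the bare name gives back exactly the same principal.
 * Returns 0 on success, -1 on bad input. Assumes no escaped '@' in the name. */
int derive_authid(const char *principal, const char *default_realm,
                  char *authid, size_t authid_len)
{
    char local[256], reimported[512];
    const char *at = strchr(principal, '@');
    const char *chosen = principal;      /* default: keep the full name */

    if (at != NULL) {
        size_t ulen = (size_t)(at - principal);
        if (ulen == 0 || ulen >= sizeof local)
            return -1;
        memcpy(local, principal, ulen);
        local[ulen] = '\0';
        if (import_bare_name(local, default_realm, reimported, sizeof reimported) != 0)
            return -1;
        if (strcmp(reimported, principal) == 0)
            chosen = local;              /* native realm: strip it */
    }
    if (strlen(chosen) >= authid_len)
        return -1;
    strcpy(authid, chosen);
    return 0;
}

int main(void)
{
    /* Constructed principals; EXAMPLE.COM plays the default realm. */
    const char *samples[] = { "foo@EXAMPLE.COM", "foo@OTHER.EXAMPLE", "foo@example.com" };
    char authid[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (derive_authid(samples[i], "EXAMPLE.COM", authid, sizeof authid) == 0)
            printf("%-20s -> %s\n", samples[i], authid);
    return 0;
}
```

In this model a principal from any other realm, including one that differs only in case, keeps its realm, so it is never handed to the application as the same simple username as the native-realm user.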

