-
Bug
-
Resolution: Fixed
-
P4
-
6
-
None
-
beta
-
generic
-
solaris
While testing native provider with MIT's libgss api implementation on Solaris, I noticed several problems which requires changing native provider to accomodate the behavior (impl) difference. To name a few:
1. Uses different syntax for interprocess tokens
2. Defines additional OID, i.e. 1.3.5.1.5.2, for Kerberos
3. Default cred acquisition with usage INITIATE_AND_ACCEPT succeeds even when there is no acceptor cred
4. Uses "@" as default acceptor name string which causes problems with current JGSS framework
5. For certain calls, the minor status code is non-zero even when the major status
code is GSS_S_COMPLETE.
One more behavior difference:
- MIT's libgss implementation supports Kerberos principal name type, i.e. "1.2.840.113554.1.2.2.1" which SEAM doesn't.
1. Uses different syntax for interprocess tokens
2. Defines additional OID, i.e. 1.3.5.1.5.2, for Kerberos
3. Default cred acquisition with usage INITIATE_AND_ACCEPT succeeds even when there is no acceptor cred
4. Uses "@" as default acceptor name string which causes problems with current JGSS framework
5. For certain calls, the minor status code is non-zero even when the major status
code is GSS_S_COMPLETE.
One more behavior difference:
- MIT's libgss implementation supports Kerberos principal name type, i.e. "1.2.840.113554.1.2.2.1" which SEAM doesn't.