Hi,
We have been trying to figure out where things go wrong while try login
using delegated auth option. It seems the root cause of the failed delegated
credentials is that the structure "credentials" of type cli_credentials is
not populated. I think it is this structure that allows the client to talk
to the exchange server. It seems that every request response needs this to
match the domain/user/password that was used during the initial login.
In the success case (cli_credentials):
{workstation_obtained = CRED_UNINITIALISED, username_obtained =
CRED_SPECIFIED, password_obtained = CRED_SPECIFIED, domain_obtained =
CRED_SPECIFIED, realm_obtained = CRED_UNINITIALISED, ccache_obtained =
CRED_UNINITIALISED, client_gss_creds_obtained = CRED_UNINITIALISED,
principal_obtained = CRED_UNINITIALISED, keytab_obtained =
CRED_UNINITIALISED, server_gss_creds_obtained = CRED_UNINITIALISED,
ccache_threshold = CRED_SPECIFIED, client_gss_creds_threshold =
CRED_SPECIFIED, workstation = 0x950d828 "MAPIPROXY", username = 0x9424fb8 "*
adam*", password = 0x950d8b0 "*xyz*", old_password = 0x0, domain = 0x9354b88
"*NETWORKS*", realm = 0x93845f8 "*NETWORKS.COM*", principal = 0x0,
salt_principal = 0x0, bind_dn = 0x0, nt_hash = 0x0, lm_response = {data =
0x0, length = 0}, nt_response = {data = 0x0, length = 0}, ccache = 0x0,
client_gss_creds = 0x0, keytab = 0x0, server_gss_creds = 0x0, workstation_cb
= 0, password_cb = 0, username_cb = 0, domain_cb = 0, realm_cb = 0,
principal_cb = 0, priv_data = 0x0, netlogon_creds = 0x0, secure_channel_type
= SEC_CHAN_NULL, kvno = 0, smb_krb5_context = 0x0, machine_account_pending =
false, machine_account_pending_lp_ctx = 0x0, machine_account = false,
use_kerberos = CRED_AUTO_USE_KERBEROS, gensec_features = 0, tries = 3,
callback_running = false}
In the failure case (cli_credentials):
{workstation_obtained = CRED_UNINITIALISED, username_obtained =
CRED_SPECIFIED, password_obtained = CRED_SPECIFIED, domain_obtained =
CRED_SPECIFIED, realm_obtained = CRED_SPECIFIED, ccache_obtained =
CRED_UNINITIALISED, client_gss_creds_obtained = CRED_UNINITIALISED,
principal_obtained = CRED_UNINITIALISED, keytab_obtained =
CRED_UNINITIALISED, server_gss_creds_obtained = CRED_UNINITIALISED,
ccache_threshold = CRED_SPECIFIED, client_gss_creds_threshold =
CRED_SPECIFIED, workstation = 0x95412b8 "", username = 0x93afd08 "",
password = 0x0, old_password = 0x0, domain = 0x8df9418 "", realm = 0x0,
principal = 0x0, salt_principal = 0x0, bind_dn = 0x0, nt_hash = 0x0,
lm_response = {data = 0x0, length = 0}, nt_response = {data = 0x0, length =
0}, ccache = 0x0, client_gss_creds = 0x0, keytab = 0x0, server_gss_creds =
0x0, workstation_cb = 0, password_cb = 0, username_cb = 0, domain_cb = 0,
realm_cb = 0, principal_cb = 0, priv_data = 0x0, netlogon_creds = 0x0,
secure_channel_type = 153286232, kvno = 49, smb_krb5_context = 0x0,
machine_account_pending = false, machine_account_pending_lp_ctx = 0x0,
machine_account = false, use_kerberos = CRED_AUTO_USE_KERBEROS,
gensec_features = 0, tries = 3, callback_running = false}
As you can see, user, password and domain are missing. In fact it does not
appear that there is any credential information at all.
*Anybody has any idea when delegated credential support code is going to be
fixed ? *
*
*
And btw congratulations on the 0.9 release.* *
*
*
Thanks,
Azhar.
**
_______________________________________________
devel mailing list
[email protected]
http://mailman.openchange.org/listinfo/devel
