On Thursday 26 July 2007 20:40, Henry B. Hotz wrote: > > If I understand RFC2744 correct GSS_C_DELEG_FLAG > > would not be set in that case? > > > > Achim > > Agreed. That flag shouldn't be set AFAIK, though the value isn't > valid until negotiation is complete.
That means before trying to store delegated credentials and before checking GSS_C_DELEG_FLAG mod_auth_kerb needs to check if gss_accept_sec_context () returns major_status = GSS_S_COMPLETE (checking GSS_ERROR(major_status) does match other non-error states of major_status)? Achim ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos