On Friday 27 July 2007 09:14, Mikkel Kruse Johnsen wrote: > After the patch (attached) I get this.
I think your patch does my idea wrong. Your patch checks major_status == GSS_S_COMPLETE but in your patch major_status is the return-value of gss_display_name(), not of accept_sec_token. You need to store the return-value of accept_sec_token in a 2nd variable, "major_status_accept" for example and check major_status_accept == GSS_S_COMPLETE (or move the delegation-store-code direct below the accept_sec_token() so major_status really holds the value of accept_sec_token. Maybe the client tries to to mutual authentication and the TGT is only delegated *after* the mutual-auth-roundrip has finished? Achim ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos