On Jun 3, 2007, at 12:43, Russ Allbery wrote:
Yes. Unless I'm missing something, it seems like
krb5_verify_init_creds
could use any key in the keytab (well, provided that there isn't
another
key for the same principal with a later kvno) if no particular
principal
is specified.
At
I tried to run the below test (KRB5_NT_UNKNOWN in krb5_sname_to_principal)
on OpenSolaris and it fails with
Not enough space while getting credentials
I traced it to krb5_copy_keyblock_data at:
if ((to-contents == NULL || from-contents == NULL)
from-length 0)
return (ENOMEM);
John Hascall [EMAIL PROTECTED] wrote:
One of these days I'm going to request (for HCOOP) crossrealm trusts
with the top 10 computer science universities in the USA [*] and
document (a) my success rate, (b) how many emails it took, and (c)
how many months from first request to working trust
Lets say that there were Kerberos cross-realm trusts created between
these various organizations. Would that really help? The original
point was to gain access to the AFS filesystem. Just logging onto the
machine is possible now using SSH keys. Do other sites use AFS
foreign users