If the application calling gss_accept_sec_context() doesn't pass a value for ret_flags, we'd never be able to check if credentials had been delegated. The passed-in ret_flags value is a pointer to a bitfield, so the comparision as-written was not likely to work as expected. I've got a patch for this, but would like to hold for feedback from upstream, because there are potentially more corner cases here.
Created attachment 212921 [details] currently-proposed fix
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update krb5'
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update krb5'
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.