Bug 319351 - gss_krb5_copy_ccache can't find delegated Kerberos creds when using SPNEGO
gss_krb5_copy_ccache can't find delegated Kerberos creds when using SPNEGO
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5 (Show other bugs)
5.1
All Linux
urgent Severity low
: rc
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
GSSApproved
: ZStream
Depends On:
Blocks: 301061 436460
  Show dependency treegraph
 
Reported: 2007-10-04 18:15 EDT by Nalin Dahyabhai
Modified: 2016-12-12 08:33 EST (History)
2 users (show)

See Also:
Fixed In Version: 1.6.2-11.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-13 00:06:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
proposed fix (1.46 KB, patch)
2007-10-04 18:16 EDT, Nalin Dahyabhai
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0381 normal SHIPPED_LIVE krb5 bug fix update 2008-05-20 08:36:36 EDT

  None (edit)
Description Nalin Dahyabhai 2007-10-04 18:15:55 EDT
Description of problem:
The credential handle returned by gss_accept_sec_context() when the client uses
SPNEGO is marked as belonging to the SPNEGO mechanism, so if the calling
application attempts to copy delegated Kerberos 5 credentials into a credential
cache, it'll fail.

Version-Release number of selected component (if applicable):
krb5-1.6.1-17.el5

How reproducible:
Always

Steps to Reproduce:
1. Attempt to delegate credentials to mod_auth_kerb using firefox 2.0.
  
Actual results:
[Thu Oct 04 14:36:34 2007] [error] [client 172.16.80.50] Cannot store delegated
 credential (gss_krb5_copy_ccache: Invalid credential was supplied (No error))

Expected results:
No errors.  Children laughing.  Dancing in the streets.
Comment 1 Nalin Dahyabhai 2007-10-04 18:16:48 EDT
Created attachment 216591 [details]
proposed fix
Comment 2 RHEL Product and Program Management 2007-10-15 23:36:08 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 Fedora Update System 2007-12-06 12:39:51 EST
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update krb5'
Comment 5 Fedora Update System 2007-12-06 15:54:41 EST
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update krb5'
Comment 9 Fedora Update System 2008-02-13 00:06:41 EST
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2008-02-13 00:15:23 EST
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.