Bug 319351 - gss_krb5_copy_ccache can't find delegated Kerberos creds when using SPNEGO
Summary: gss_krb5_copy_ccache can't find delegated Kerberos creds when using SPNEGO
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5 (Show other bugs)
(Show other bugs)
Version: 5.1
Hardware: All Linux
urgent
low
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard: GSSApproved
Keywords: ZStream
Depends On:
Blocks: 301061 436460
TreeView+ depends on / blocked
 
Reported: 2007-10-04 22:15 UTC by Nalin Dahyabhai
Modified: 2016-12-12 13:33 UTC (History)
2 users (show)

Fixed In Version: 1.6.2-11.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-13 05:06:45 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
proposed fix (1.46 KB, patch)
2007-10-04 22:16 UTC, Nalin Dahyabhai
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0381 normal SHIPPED_LIVE krb5 bug fix update 2008-05-20 12:36:36 UTC

Description Nalin Dahyabhai 2007-10-04 22:15:55 UTC
Description of problem:
The credential handle returned by gss_accept_sec_context() when the client uses
SPNEGO is marked as belonging to the SPNEGO mechanism, so if the calling
application attempts to copy delegated Kerberos 5 credentials into a credential
cache, it'll fail.

Version-Release number of selected component (if applicable):
krb5-1.6.1-17.el5

How reproducible:
Always

Steps to Reproduce:
1. Attempt to delegate credentials to mod_auth_kerb using firefox 2.0.
  
Actual results:
[Thu Oct 04 14:36:34 2007] [error] [client 172.16.80.50] Cannot store delegated
 credential (gss_krb5_copy_ccache: Invalid credential was supplied (No error))

Expected results:
No errors.  Children laughing.  Dancing in the streets.

Comment 1 Nalin Dahyabhai 2007-10-04 22:16:48 UTC
Created attachment 216591 [details]
proposed fix

Comment 2 RHEL Product and Program Management 2007-10-16 03:36:08 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 4 Fedora Update System 2007-12-06 17:39:51 UTC
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update krb5'

Comment 5 Fedora Update System 2007-12-06 20:54:41 UTC
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update krb5'

Comment 9 Fedora Update System 2008-02-13 05:06:41 UTC
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2008-02-13 05:15:23 UTC
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.