Description of problem: The credential handle returned by gss_accept_sec_context() when the client uses SPNEGO is marked as belonging to the SPNEGO mechanism, so if the calling application attempts to copy delegated Kerberos 5 credentials into a credential cache, it'll fail. Version-Release number of selected component (if applicable): krb5-1.6.1-17.el5 How reproducible: Always Steps to Reproduce: 1. Attempt to delegate credentials to mod_auth_kerb using firefox 2.0. Actual results: [Thu Oct 04 14:36:34 2007] [error] [client 172.16.80.50] Cannot store delegated credential (gss_krb5_copy_ccache: Invalid credential was supplied (No error)) Expected results: No errors. Children laughing. Dancing in the streets.
Created attachment 216591 [details] proposed fix
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update krb5'
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update krb5'
krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.