[OpenAFS-devel] gssklog and globus 4.2.1 gssapi
mike coyne
mike.coyne@paccar.com
Thu, 17 Dec 2009 09:56:13 -0600
There seems to be a problem with getting mutual auth to work for the
globus service gssklog in the client application gssklog. The call to
gss_init_sec_context() fails comparing the returned CN with the expected
service/fqdn. After some tracing I found that if I added the service gssklog
to the globus_i_gsi_gssapi_get_hostname() function (see below) the
mutual auth worked as expected. This seemed to be a bit extreme to get
the mutual auth to work for a generic service, as the only services
listed in the function were host/ and ftp/. I am wondering if I may have
missed something?
Mike Coyne
-------------cut-line---------------
Index:
trunk/gt4.2/source-trees/gsi/gssapi/source/library/globus_i_gsi_gss_utils.c
===================================================================
---
trunk/gt4.2/source-trees/gsi/gssapi/source/library/globus_i_gsi_gss_utils.c (revision 540)
+++
trunk/gt4.2/source-trees/gsi/gssapi/source/library/globus_i_gsi_gss_utils.c (revision 613)
@@ -2530,7 +2530,12 @@
{
length = name_entry->value->length;
data = name_entry->value->data;
- if ( length > 5 && !strncasecmp((char *) data, "host/", 5))
+ if ( length > 8 && !strncasecmp((char *) data, "gssklog/", 8))
+ {
+ length -= 8;
+ data += 8;
+ }
+ else if ( length > 5 && !strncasecmp((char *) data,
"host/", 5))
{
length -= 5;
data += 5;
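Review bot: the new `gssklog/` branch at the head of the if/else chain hard-codes one more service name, with its length repeated as the literal 8 in four places, so each further service needs another copy of this block. A small table of accepted prefixes, with each length taken from the string itself, would keep the comparison and the `length -=` / `data +=` adjustment in one place. The visible lines also strip the prefix without checking which service the caller asked for, so a name entry beginning `gssklog/` is reduced to the bare host name on every code path that reaches this point; it would be worth confirming that is acceptable for callers expecting `host/`, or passing the expected service in and stripping only that prefix. Finally, the `else if` line has been wrapped by the mailer (`"host/", 5))` sits on its own line), so the patch should be resent as an attachment or unwrapped before it is applied.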
-------------cut-line---------------