Otherwise GSSAPI will consult other mechanisms if available and we can
only cope with krb5 credentials here.
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 30 20:45:23 UTC 2020 on sn-devel-184
.count = 1,
};
- gss_OID_set mech_set = GSS_C_NO_OID_SET;
+ /* we are interested exclusively in krb5 credentials,
+ * indicate to GSSAPI that we are not interested in any other
+ * mechanism here */
+ gss_OID_set_desc mech_set = {
+ .count = 1,
+ .elements = discard_const_p(struct gss_OID_desc_struct,
+ gss_mech_krb5),
+ };
+
gss_cred_usage_t cred_usage = GSS_C_INITIATE;
gss_name_t name = NULL;
gss_buffer_desc pr_name = {
major_status = gss_acquire_cred_from(minor_status,
name,
0,
- mech_set,
+ &mech_set,
cred_usage,
&cred_store,
cred,