SPNEGO & IDP 3.2.1

Cantor, Scott cantor.2 at osu.edu
Thu May 26 23:44:30 EDT 2016

> I do have this really vague memory of the SWITCH contingent mentioning a
> condition like this to me. Like maybe the code didn't handle that error case
> correctly initially and I needed to fix that, whereas I thought if the GSS loop
> completed that the name extract step would be guaranteed to work (which I
> still would think, so I don't understand the issue). I can't find anything in the
> archive on it, so it might have been off list.

And this is the comment in the code:

         // This case should never happen, but we observed it. Handle it as authentication failure.

Pretty sure the "we" in the comment is SWITCH, who contributed the code. So not terribly helpful other than to reinforce that apparently it wasn't clear why this is happening.

-- Scott

More information about the users mailing list