On Mon May 19 10:31:52 2025 +0000, Dmitry Timoshkov wrote:
Thanks for working on this. Yes, this patch works for me. Obviously it needs a a patch that adds GSS_C_MUTUAL_FLAG (I'm adding also GSS_C_SEQUENCE_FLAG, but that's a minor detail), otherwise your patch basically just adds additional logic if the security package is NTLM. What are next steps with this? Should I update MR with your diff as a separate patch?
I can't reproduce the issue with GSS_C_MUTUAL_FLAG. I can authenticate using Kerberos and NTLM with or without this flag. As discussed before I think it's fine to add GSS_C_MUTUAL_FLAG | GSS_C_EXTENDED_ERROR_FLAG as our tests indicate that these are default flags. I don't see any evidence that GSS_C_SEQUENCE_FLAG is needed.
You can include my patch in this MR.