r6800: A big GENSEC update:

Finally remove the distinction between 'krb5' and 'ms_krb5'.  We now
don't do kerberos stuff twice on failure.  The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process.  All modules have been updated to supply a
NULL-terminated list of OIDs.

In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.

Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.

The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line.  It will soon loose the
requirement for a on-disk keytab too.

The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.

Andrew Bartlett
(This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)

1 files changed, 1 insertions, 0 deletions

diff --git a/source4/include/structs.h b/source4/include/structs.h
index 8204cb769d..4b20559f90 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -72,6 +72,7 @@ struct auth_methods;
 struct schannel_state;
 struct spnego_data;
 struct gensec_security;
+struct gensec_security_ops;
 typedef NTSTATUS (*gensec_password_callback)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, 
 					     char **password);
 struct gensec_ntlmssp_state;