[krbdev.mit.edu #2210] GSSAPI accept_sec_context() sets INTEG and CONF flags producing inconsistent state with client

Douglas E. Engert deengert at anl.gov
Fri Feb 6 11:51:44 EST 2004



The flags might be what the client appl wants, but the SSPI might be
actually doing both because it only has an enctype that does both. 

So the protection on the packets may be more than the client requested.
So should the acceptor appl be told what the user requested, or what is
actually being used?   


Jeffrey Altman via RT wrote:
> 
> Microsoft reports that their Kerberos SSPI code is incompatible with MIT
> GSSAPI when INTEG or CONF modes are used independent of one another.
> 1964 states that the INTEG and CONF flags are to indicate the
> availability of the modes in the client.  They are not to be set by the
> server.
> 
> MIT's clients always set both flags which is fine, but we must be
> prepared to accept security contexts which only set one of them.

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

