[krbdev.mit.edu #7842] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Jan 22 22:37:59 EST 2014
Fix SPNEGO one-hop interop against old IIS
IIS 6.0 and similar return a zero length reponse buffer in the last
SPNEGO packet when context initiation is performed without mutual
authentication. In this case the underlying Kerberos mechanism has
already completed successfully on the first invocation, and SPNEGO
does not expect a mech response token in the answer. If we get an
empty mech response token when the mech is complete during
negotiation, ignore it.
[ghudson at mit.edu: small code style and commit message changes]
(cherry picked from commit 37af638b742dbd642eb70092e4f7781c3f69d86d)
https://github.com/krb5/krb5/commit/e36d043094fe214c5519244ea93112ca5331e007
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: e36d043094fe214c5519244ea93112ca5331e007
Branch: krb5-1.10
src/lib/gssapi/spnego/spnego_mech.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
More information about the krb5-bugs
mailing list