gss_accept_sec_context and channel binding in ftp

Markus Moeller huaraz at btinternet.com
Fri Jun 4 10:09:59 EDT 2004


I noticed that from MIT version 1.2.4 to 1.3.1 the gss_accept_sec_context call
has changed in ftpd.c. It is now set to always use GSS_C_NO_CHANNEL_BINDINGS.
I also noticed that changing the channel bindings in gss_init_sec_context on
the client doesn't create the error I would expect.

I also see a different behaviour in my proftpd mod_gss module. If the client
uses gss_init_sec_context with GSS_C_NO_CHANNEL_BINDINGS, the channel bindings
settings in gss_accept_sec_context on the server are ignored (e.g. if the
server uses channel bindings with application data set and the client used
GSS_C_NO_CHANNEL_BINDINGS, the client can log in).

Is this intentional?

Markus



More information about the Kerberos mailing list