gss_accept_sec_context and channel binding in ftp
Markus Moeller
huaraz at btinternet.com
Fri Jun 4 15:25:15 EDT 2004
It means:
ftp client                   ftp server                   login
GSS_C_NO_CHANNEL_BINDINGS    GSS_C_NO_CHANNEL_BINDINGS    OK
GSS_C_NO_CHANNEL_BINDINGS    channel binding set          OK
channel binding set          GSS_C_NO_CHANNEL_BINDINGS    OK
channel binding set          channel binding set          OK if binding is the same
In the past cases 2 and 3 failed. Is this an error in gss_accept_sec_context?
Thanks
Markus
"Markus Moeller" <huaraz at btinternet.com> wrote in message
news:loom.20040604T154031-39 at post.gmane.org...
> I noticed that from MIT version 1.2.4 to 1.3.1 the gss_accept_sec_context call
> has changed in ftpd.c. It is now set to use always GSS_C_NO_CHANNEL_BINDINGS.
> I also noticed that changing the channel bindings in gss_init_sec_context on
> the client doesn't create an error I would expect.
>
> I also see a different behaviour in my proftpd mod_gss module. If the client
> uses gss_init_sec_context with GSS_C_NO_CHANNEL_BINDINGS, the channel bindings
> settings in gss_accept_sec_context on the server are ignored (e.g. if the
> server uses channel bindings with application data set and the client used
> GSS_C_NO_CHANNEL_BINDINGS the client can log in)
>
> Is this intentional?
>
> Markus
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
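Added example, not part of the original message and not MIT krb5 or proftpd code: a Python model of how the Kerberos mechanism carries channel bindings (the "Bnd" value of RFC 1964 section 4.1.1.2) and of the two acceptor outcomes the message describes. The function names, sample addresses and application data are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

GSS_C_AF_INET = 2      # address type constant from RFC 2744
NO_BINDINGS = None     # stands in for GSS_C_NO_CHANNEL_BINDINGS
ZERO_BND = bytes(16)   # Bnd value sent when the caller passes no bindings

def bnd_field(cb):
    """Bnd value per RFC 1964 section 4.1.1.2 for cb = (init_type, init_addr,
    acc_type, acc_addr, app_data); 16 zero bytes when no bindings are given."""
    if cb is NO_BINDINGS:
        return ZERO_BND
    init_type, init_addr, acc_type, acc_addr, app_data = cb
    buf = b"".join([
        struct.pack("<I", init_type), struct.pack("<I", len(init_addr)), init_addr,
        struct.pack("<I", acc_type), struct.pack("<I", len(acc_addr)), acc_addr,
        struct.pack("<I", len(app_data)), app_data,
    ])
    return hashlib.md5(buf).digest()  # MD5 is fixed by the mechanism spec

def accept_reported(client_bnd, server_cb):
    """Outcomes in the table above: compare only when both sides set bindings."""
    if server_cb is NO_BINDINGS or client_bnd == ZERO_BND:
        return True
    return hmac.compare_digest(client_bnd, bnd_field(server_cb))

def accept_always_compare(client_bnd, server_cb):
    """Outcomes described for the past (cases 2 and 3 fail): always compare."""
    return hmac.compare_digest(client_bnd, bnd_field(server_cb))

def run_cases(accept):
    """Return login results for the four table rows plus a mismatched pair."""
    # Constructed sample bindings (documentation addresses, made-up app data).
    cli, srv = socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20")
    good = (GSS_C_AF_INET, cli, GSS_C_AF_INET, srv, b"ftp-session")
    other = (GSS_C_AF_INET, cli, GSS_C_AF_INET, srv, b"other-session")
    rows = [(NO_BINDINGS, NO_BINDINGS), (NO_BINDINGS, good),
            (good, NO_BINDINGS), (good, good), (other, good)]
    return [accept(bnd_field(c), s) for c, s in rows]

if __name__ == "__main__":
    print("reported:      ", run_cases(accept_reported))
    print("always compare:", run_cases(accept_always_compare))
```

Under the reported outcomes a client that sends no bindings is accepted whatever the server configured, so the server's bindings only take effect against clients that also set them.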