Issue with gssapi on OpenSolaris

Markus Moeller huaraz at moeller.plus.com
Sat Oct 8 08:10:52 EDT 2005


I think I found the issue. It is bug 6310540

http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6310540

Markus

"Markus Moeller" <huaraz at moeller.plus.com> wrote in message 
news:di89u0$epj$1 at sea.gmane.org...
> I have a problem on OpenSolaris with the GSSAPI. When I use the MIT
> gss-sample program (with minor changes e.g. included gssapi header file)
> I don't get all the context flags transferred to the server. It looks like
> a bug somewhere in the gssapi. Has anybody seen this issue or know what is
> wrong in the sample program? BTW it works on Solaris 10.
>
> Thanks
> Markus
>
> On OpenSolaris:
>
> $ uname -a
> SunOS server1.test.com 5.11 snv_23 i86pc i386 i86pc
>
> The first and second request sends flags:
> GSS_C_MUTUAL_FLAG
> GSS_C_REPLAY_FLAG
> GSS_C_CONF_FLAG
> GSS_C_INTEG_FLAG
>
>
> $ ./gss-client -port 10000 server1.test.com host Hello
> Sending init_sec_context token (size=1759)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "user1 at TEST.COM" to "host/server1.test.com at TEST.COM", lifetime 24621, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
> $ ./gss-client -port 10000 server1.test.com host Hello
> Sending init_sec_context token (size=1758)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "user1 at TEST.COM" to "host/server1.test.com at TEST.COM", lifetime 24618, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
>
> The server receives for the first request:
> GSS_C_DELEG_FLAG
> GSS_C_REPLAY_FLAG
> GSS_C_INTEG_FLAG
>
> and for the second only:
> GSS_C_DELEG_FLAG
>
>
> $ /src/user1/gss-sample/gss-server -port 10000 host
> context flag: GSS_C_DELEG_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_INTEG_FLAG
> Accepted connection: "user1 at TEST.COM"
> Received message: "Hello"
> NOOP token
> context flag: GSS_C_DELEG_FLAG
> Accepted connection: "user1 at TEST.COM"
> Received message: "Hello"
> NOOP token
>
>
> Whereas on Solaris 10 I get the expected result with the server getting the
> exact 4 flags the client sent:
> GSS_C_MUTUAL_FLAG
> GSS_C_REPLAY_FLAG
> GSS_C_CONF_FLAG
> GSS_C_INTEG_FLAG
>
>
> Solaris 10
> $ uname -a
> SunOS server2.test.com 5.10 Generic_118822-18 sun4u sparc SUNW,Ultra-5_10
>
>
> $ ./gss-client -port 10000 server2.test.com host Hello
> Sending init_sec_context token (size=1755)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "user1 at TEST.COM" to "host/server2.test.com at TEST.COM", lifetime 26716, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
>
>
> $ ./gss-client -port 10000 server2.test.com host Hello
> Sending init_sec_context token (size=1756)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "user1 at TEST.COM" to "host/server2.test.com at TEST.COM", lifetime 26714, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
> $ ./gss-server -port 10000 host
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> Accepted connection: "user1 at TEST.COM"
> Received message: "Hello"
> NOOP token
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> Accepted connection: "user1 at TEST.COM"
> Received message: "Hello"
> NOOP token
>
>
>
>
>

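Added example, not part of the original post or of the MIT gss-sample code: a fail-closed check an acceptor can run on the flags returned by gss_accept_sec_context, decoding the mask and reporting required services that are missing or unexpected ones (such as delegation) that appeared. The flag bit values are those assigned in RFC 2744 and are defined locally so the block compiles without a gssapi header; the server-side masks 0x025 and 0x001 are constructed from the flag names the server printed above, and the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Flag bits as assigned in RFC 2744; defined locally (no gssapi header needed). */
#define GSS_C_DELEG_FLAG      0x001
#define GSS_C_MUTUAL_FLAG     0x002
#define GSS_C_REPLAY_FLAG     0x004
#define GSS_C_SEQUENCE_FLAG   0x008
#define GSS_C_CONF_FLAG       0x010
#define GSS_C_INTEG_FLAG      0x020
#define GSS_C_ANON_FLAG       0x040
#define GSS_C_PROT_READY_FLAG 0x080
#define GSS_C_TRANS_FLAG      0x100

static const struct { unsigned bit; const char *name; } flag_table[] = {
    {GSS_C_DELEG_FLAG, "DELEG"},   {GSS_C_MUTUAL_FLAG, "MUTUAL"},
    {GSS_C_REPLAY_FLAG, "REPLAY"}, {GSS_C_SEQUENCE_FLAG, "SEQUENCE"},
    {GSS_C_CONF_FLAG, "CONF"},     {GSS_C_INTEG_FLAG, "INTEG"},
    {GSS_C_ANON_FLAG, "ANON"},     {GSS_C_PROT_READY_FLAG, "PROT_READY"},
    {GSS_C_TRANS_FLAG, "TRANS"},
};

/* Write space-separated names of the set bits into buf; return how many were set. */
int decode_flags(unsigned flags, char *buf, size_t len) {
    int n = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof flag_table / sizeof flag_table[0]; i++) {
        if (!(flags & flag_table[i].bit)) continue;
        if (n++) strncat(buf, " ", len - strlen(buf) - 1);
        strncat(buf, flag_table[i].name, len - strlen(buf) - 1);
    }
    return n;
}

/* Services the policy requires that the established context does not provide. */
unsigned missing_flags(unsigned required, unsigned got) { return required & ~got; }
/* Services the context reports that the policy never allowed (e.g. DELEG). */
unsigned unexpected_flags(unsigned allowed, unsigned got) { return got & ~allowed; }

int main(void) {
    unsigned required = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG;
    unsigned allowed = required | GSS_C_PROT_READY_FLAG | GSS_C_TRANS_FLAG;
    unsigned seen[] = {0x1b6, 0x025, 0x001}; /* client mask; constructed server masks */
    char a[128], m[128], u[128];
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        decode_flags(seen[i], a, sizeof a);
        decode_flags(missing_flags(required, seen[i]), m, sizeof m);
        decode_flags(unexpected_flags(allowed, seen[i]), u, sizeof u);
        printf("0x%03x: %s | missing: [%s] unexpected: [%s]\n", seen[i], a, m, u);
    }
    return 0;
}
```

An acceptor that depends on confidentiality or mutual authentication should reject the context when missing_flags is non-zero rather than proceed with whatever flags it was handed.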



