[krbdev.mit.edu #1352] Cannot return prot_ready without unwrap working
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Thu Feb 20 20:16:11 EST 2003
Hi. I actually think our implementation is wrong to set the
prot_ready flag before context establishment is complete. If it sets
that flag then both gss_wrap and gss_unwrap need to work. However,
gss_unwrap cannot work because the sequence state is not yet
initialized.

I'm also not sure that RFC 1964 allows this behavior; I don't think
having inconsistent support for prot_ready between implementations is
a good idea.

Why do you need this for SPNEGO? You don't have to generate the
mechListMIC until after the underlying mechanism has returned complete.