[krbdev.mit.edu #2210] GSSAPI accept_sec_context() sets INTEG and CONF flags producing inconsistent state with cleint
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Fri Feb 6 02:00:09 EST 2004
Microsoft reports that their Kerberos SSPI code is incompatible with MIT
GSSAPI when INTEG or CONF modes are used independent of one another.
1964 states that the INTEG and CONF flags are to indicate the
availability of the modes in the client. They are not to be set by the
server.
MIT's clients always set both flags which is fine, but we must be
prepared to accept security contexts which only set one of them.
More information about the krb5-bugs
mailing list