[krbdev.mit.edu #3775] krb5_gss_accept_sec_context should handle inconsistent mutual auth requests
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri May 19 23:15:02 EDT 2006
If an initiator sends an initial krb5 mechanism token with GSS_C_MUTUAL_FLAG clear, but with
mutual-required set in the AP-REQ, krb5_gss_accept_sec_context() only looks at the GSS flag.
The MS krb5 GSS mechanism implementation, when mutual auth isn't requested, appears to
emit a krb5 token that is inconsistent in this way, yet expects a reply token.
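The inconsistency described in the ticket, as an added C example that is not part of the original message and is not MIT krb5 code: it compares the flags in the RFC 4121 0x8003 authenticator checksum with the AP-REQ ap-options. The names classify_mutual and wants_reply, the sample bytes, and the policy of replying when either indicator is set are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GSS_C_MUTUAL_FLAG       2u          /* RFC 2744 */
#define AP_OPTS_MUTUAL_REQUIRED 0x20000000u /* RFC 4120 APOptions bit 2 */

enum mutual { M_BAD = -1, M_NONE, M_BOTH, M_GSS_ONLY, M_APREQ_ONLY };

/* Classify one initial token. ck: body of the 0x8003 authenticator checksum
 * (RFC 4121 4.1.1): Lgth(4, LE, must be 16) | Bnd(16) | Flags(4, LE).
 * apopts: the four content octets of the AP-REQ ap-options BIT STRING. */
static enum mutual classify_mutual(const uint8_t *ck, size_t cklen,
                                   const uint8_t apopts[4])
{
    if (ck == NULL || apopts == NULL || cklen < 24)
        return M_BAD;
    uint32_t lgth = ck[0] | (uint32_t)ck[1] << 8 |
                    (uint32_t)ck[2] << 16 | (uint32_t)ck[3] << 24;
    if (lgth != 16)
        return M_BAD;
    uint32_t gss = ck[20] | (uint32_t)ck[21] << 8 |
                   (uint32_t)ck[22] << 16 | (uint32_t)ck[23] << 24;
    uint32_t ap = (uint32_t)apopts[0] << 24 | (uint32_t)apopts[1] << 16 |
                  (uint32_t)apopts[2] << 8 | apopts[3];
    int g = (gss & GSS_C_MUTUAL_FLAG) != 0;
    int a = (ap & AP_OPTS_MUTUAL_REQUIRED) != 0;
    if (g && a) return M_BOTH;
    if (g) return M_GSS_ONLY;
    return a ? M_APREQ_ONLY : M_NONE; /* M_APREQ_ONLY is the reported case */
}

/* Assumed policy: reply with an AP-REP if either indicator asks for it. */
static int wants_reply(enum mutual m) { return m > M_NONE; }

/* Constructed samples: zero channel bindings; flags 0x3c (no mutual) / 0x3e. */
static const uint8_t CK_NO_MUTUAL[24] = { 16, 0, 0, 0, [20] = 0x3c };
static const uint8_t CK_MUTUAL[24]    = { 16, 0, 0, 0, [20] = 0x3e };
static const uint8_t AP_MUTUAL[4]     = { 0x20, 0, 0, 0 };
static const uint8_t AP_NONE[4]       = { 0, 0, 0, 0 };

int main(void)
{
    enum mutual m = classify_mutual(CK_NO_MUTUAL, sizeof CK_NO_MUTUAL, AP_MUTUAL);
    printf("state=%d reply=%d\n", m, wants_reply(m));
    return 0;
}
```

An acceptor that consults only the GSS flag treats the M_APREQ_ONLY case as M_NONE and sends no reply token.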