[krbdev.mit.edu #3775] krb5_gss_accept_sec_context should handle inconsistent mutual auth requests
Tom Yu via RT
rt-comment at krbdev.mit.edu
Sat May 20 00:29:26 EDT 2006
Actually, it isn't inconsistent within the MS krb5 mech itself. I
just wan't looking at the same things in two different places. What
is actually happening is that if mutual auth is not requested, the MS
SPNEGO implementation always turns on mutual auth for the optimistic
krb5 mech token, but not for a krb5 mech token after we
counter-propose. It then insists on not doing a MIC exchange, despite
us counter-proposing.
More information about the krb5-bugs
mailing list