[krbdev.mit.edu #6768] regression in gssapi when using GSS_C_DCE_STYLE flag
Simo Sorce via RT
rt-comment at krbdev.mit.edu
Mon Sep 13 18:19:13 EDT 2010
Ticket update.
Thanks to git-bisect and Luke Howard it appears the problem has been
identified.
The bug has been introduced with this commit:
http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/krb5/krb/mk_req_ext.c?r1=23100&r2=23358
The issu is in the reordering of the checksum check in
krb5_mk_req_extended()
The attached patch is a temporary workaround that shows the issue is
indeed in that reordering as I am able to pass the rpcclient test using it.
It is not final because apparently it breaks IAKRB.
A better patch should follow.
More information about the krb5-bugs
mailing list