[krbdev.mit.edu #7974] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Jul 21 13:04:24 EDT 2014
Don't equate IAKERB and krb5 in SPNEGO initiator
To work around a historical bug in Samba, the SPNEGO initiator treats
a counterproposal as matching the optimistic token if both are aliases
for the krb5 mech. When IAKERB support was added (#6712), IAKERB was
unintentionally added to the set of mech OIDs which were considered to
be krb5 aliases for this purpose.
Remove IAKERB from gss_mech_set_krb5_both and create a new internal
mech set, kg_all_mechs, for use by krb5_gss_indicate_mechs.
https://github.com/krb5/krb5/commit/887951cd141dd2253912a17da08da016a8030a24
Author: Greg Hudson <ghudson at mit.edu>
Commit: 887951cd141dd2253912a17da08da016a8030a24
Branch: master
src/lib/gssapi/krb5/gssapiP_krb5.h | 2 ++
src/lib/gssapi/krb5/gssapi_krb5.c | 6 +++---
src/lib/gssapi/krb5/indicate_mechs.c | 2 +-
3 files changed, 6 insertions(+), 4 deletions(-)
More information about the krb5-bugs
mailing list