[krbdev.mit.edu #9018] Bugs while authenticating to azure files

Greg Hudson via RT rt at kerborg-prod-app-1.mit.edu
Thu Jul 29 15:16:13 EDT 2021


<URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9018 >

On Tue Jul 27 15:00:53 2021, amandeepgautam5 at gmail.com wrote:

    Sending my response to a wider audience as I forgot to add the main mailing
    list initially.

Although that's a good instinct for most public lists, it isn't necessary for
this one.  krb5-bugs at mit.edu is fed from the bug tracker and doesn't accept
mail directly.

    If you can add more details on (2), I will be happy to make the change and
    test it.

If mech_requires_mechlistMIC() returns true, we want to send a MIC (because
some Windows servers erroneously require one) but not require receiving one
(because apparently some Windows servers erroneously don't send one if they
receive one).  Unfortunately, this will require some pretty close attention to
detail, as the code currently assumes symmetric MIC requirements.  One option
is to split the mic_reqd flag into separate send and receive flags, but then
each piece of code that uses it has to be analyzed for which half to pay
attention to.  The other is to move the mech_requires_mechlistMIC() check to
the code that decides whether to send a MIC; that, too, requires some pretty
close attention to the state machine.

I can't really provide more guidance without doing the work myself.  SPNEGO as
specified is very complicated, and SPNEGO as badly implemented by other
endpoints is more so.
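
The first option from the message above (separate send and receive flags), as a simplified model added here; it is not krb5 source code and not part of the original message. All struct, function and parameter names are hypothetical, and the rule that a reselected mechanism keeps the MIC mandatory in both directions is an assumption of this sketch.

```c
#include <stdbool.h>

/* Hypothetical model, not krb5 source: per-direction MIC bookkeeping. */
struct mic_progress { bool sent; bool rcvd; };

/* The single symmetric flag split into one requirement per direction. */
struct mic_policy { bool send_reqd; bool recv_reqd; };

/* Symmetric behaviour: one flag gates both directions, so a peer that
 * never returns a MIC after receiving ours blocks completion. */
bool may_complete_symmetric(bool mic_reqd, struct mic_progress st)
{
    return !mic_reqd || (st.sent && st.rcvd);
}

/* Assumption of this sketch: if the mechanism was reselected, the MIC stays
 * mandatory both ways; the per-mechanism quirk adds only the send half. */
struct mic_policy choose_policy(bool mech_reselected, bool mech_requires_mic)
{
    struct mic_policy p;
    p.recv_reqd = mech_reselected;
    p.send_reqd = mech_reselected || mech_requires_mic;
    return p;
}

/* Each completion check now has to name the half it depends on. */
bool may_complete_split(struct mic_policy p, struct mic_progress st)
{
    return (!p.send_reqd || st.sent) && (!p.recv_reqd || st.rcvd);
}

/* A MIC the peer does send is always verified, even when receiving one is
 * not required.  Returns false if the negotiation must fail. */
bool on_peer_mic(struct mic_progress *st, bool present, bool valid)
{
    if (!present)
        return true;        /* absence is judged later by may_complete_*() */
    if (!valid)
        return false;       /* a bad MIC is fatal regardless of policy */
    st->rcvd = true;
    return true;
}
```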
