Updated NAT fixes
Steven Michaud
smch at midway.uchicago.edu
Wed Apr 10 21:06:00 EDT 2002
> But now I've found a way to tie address checking to the presence or
> absence of addresses in the service ticket contained in
> gss_accept_context()'s input_token parameter. This is better, but it
> requires yet another change to gss_accept_context(), and possibly a
> revision to the GSSAPI RFC. (I add a definition of
> GSS_C_CHANNEL_BINDINGS_FOLLOW_TICKET to gssapi.h, and use it as a
> signal (in the application_data field of gss_accept_context()'s
> input_chan_bindings parameter) that gss_accept_context() should ignore
> channel bindings.)

I dropped a part of the last sentence. It should read:

(I add a definition of GSS_C_CHANNEL_BINDINGS_FOLLOW_TICKET to
gssapi.h, and use it as a signal (in the application_data field of
gss_accept_context()'s input_chan_bindings parameter) that
gss_accept_context() should ignore channel bindings when the service
ticket contained in its input_token parameter has no addresses.)