RRC and sign_only
lukeh at padl.com
Wed Dec 17 06:19:54 EST 2008
On 17/12/2008, at 6:13 PM, Stefan (metze) Metzmacher wrote:
> Hi Sam,
>> We discussed the RRC issue at today's release meeting. AT this point
>> in time we don't think it makes sense to support arbitrary rrc in the
>> non-stream case.
> I think it don't make sense to have different semantics depending on
> which api an application uses. And we should allow every per RFC valid
> request with any api.
I know where you're coming from, but I'm not convinced (and/or
BTW, I've tested the GSS IOV code in mskrb-integ against W2K8 with
LDAP and RPC (both rc4-hmac and AES).
(I tested the LDAP support by commenting out the gss_[un]wrap()
implementations, which forced the mechglue to provide shims on top of
gss_[un]wrap_iov(). See gssint_[un]seal_iov_shim().)
More information about the krbdev