RRC and sign_only

Luke Howard lukeh at padl.com
Wed Dec 17 06:19:54 EST 2008

On 17/12/2008, at 6:13 PM, Stefan (metze) Metzmacher wrote:

> Hi Sam,
>> We discussed the RRC issue at today's release meeting.  AT this point
>> in time we don't think it makes sense to support arbitrary rrc in the
>> non-stream case.
> I think it don't make sense to have different semantics depending on
> which api an application uses. And we should allow every per RFC valid
> request with any api.

I know where you're coming from, but I'm not convinced (and/or  
lazy :-)).

BTW, I've tested the GSS IOV code in mskrb-integ against W2K8 with  
LDAP and RPC (both rc4-hmac and AES).

(I tested the LDAP support by commenting out the gss_[un]wrap()  
implementations, which forced the mechglue to provide shims on top of  
gss_[un]wrap_iov(). See gssint_[un]seal_iov_shim().)

-- Luke

More information about the krbdev mailing list