GSS-API and libkrb5 behavior for Anonymous tickets

[Nicolas Williams]

On Wed, Nov 04, 2009 at 04:13:25PM -0500, Sam Hartman wrote:
> If you're going to do the work to standardize this behavior, I
> wouldn't mind much, although I probably would mildly disagree.
> 
> However, I disagree fairly strongly unless this is going to be
> accompanied by an update to 2743.  My argument is that it breaks
> conforming GSS-API applications.  If I'd prefer anonymous but would be
> willing to accept an authenticated context, then I would end up
> failing with your mechanism.  If I'm writing a portable application I
> have to check the output flag anyway, even if some mechanisms do offer
> this behavior.

Interesting.  I'm not sure what the value of that is.  I suppose one
might be signing on to a comment board where one might act differently
according to whether one is anonymous, for example.

> So, with your approach, you complicate the life of every portable
> application.  That seems poor.

I don't think mechanisms are required to act as you say though.  But
yes, if there's any value to the optional anonymity, then I'd have to
agree.

I'd certainly expect apps where anonymity matters to: a) uses
GSS_C_NT_ANONYMOUS names for the initiator's credential's desired_name,
b) use the anon req_flag, c) check for the presence of the anon ret_flag
after each call to gss_init_sec_context().

Nico
--