gss_krb5_export_lucid_sec_context broken since 1.7?

Kevin Coffman kwc at
Mon May 9 09:54:16 EDT 2011

Hi Greg,
I will do some specific testing Wednesday, but I have not heard of any
issues.  If this change was in the mechglue area, that might explain
it.  We currently use our own libgssglue for gssd (I can provide
history if you're interested...).


On Fri, May 6, 2011 at 1:59 PM,  <ghudson at> wrote:
> While working on the kernel subset, I ran into an apparent fatal bug
> in gss_krb5_export_lucid_sec_context.  Since this function was
> rewritten in 1.7 to use gss_inquire_sec_context_by_oid, it's been
> calling krb5_gss_delete_sec_context on a union context, which
> invariably causes a crash.
> The fix is easy.  What confuses me is why this hasn't been bothering
> Linux-NFS users, while much more subtle issues have been (like
> acceptor subkey enctype negotiation).  Does anyone have any insight?
> I think there are things I don't understand about the glue between
> gssd and the MIT krb5 code.

More information about the krbdev mailing list