Mutual Auth flag and TGS exchange behaviour

Greg Hudson ghudson at MIT.EDU
Thu Oct 24 10:55:12 EDT 2013

On 10/23/2013 04:38 PM, Arpit Srivastava wrote:
> But in my system, during TGS_REQ/REP, with MUTUAL-AUTH flag set in
> gss_init_sec_context() routine call, there is some communication
> between client and service-server as well. (i.e. during service
> ticket fetch, we have to contact Windows AD at port 88 as well as
> Exchange Server at port 80).

Can you give some details on what your system is?  MIT krb5 doesn't have
any code to contact application servers during a GSSAPI exchange, aside
from producing init_sec_context tokens for the caller to send.

If this question isn't related to MIT krb5, then it would have been more
appropriate on the kerberos at list.  krbdev is for MIT krb5
development discussion.

