Integrity forced upon mechanism in spnego

Simo Sorce simo at
Sun Apr 13 00:34:41 EDT 2014

I am dealing with an interesting issue in spnego involving MIC tokens
and reading the code I found out that init_ctx_call_init in
spnego_mech.c forces req_flags to always request GSS_C_INTEG_FLAG from
the mechanism.

Git blame brought me to a branch called mechglue, but that branch is
quite different from the actual code that has been supposedly merged
from there and does not force the flag.

Does anyone know why this is being done ?

I ask because later on the code checks the spnego context flags to see
if integrity was requested and does not find it there. This prevents a
mechlistMIC token from being be generated.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list