Suppressing conf/integ flags in krb5 GSS tokens
nico at cryptonector.com
Mon Jun 1 00:37:23 EDT 2015
Greg objects to SPNEGO not requesting GSS_C_INTEG_FLAG, and I tend to
agree (since it's possible to design a mechanism that uses -say- bearer
tokens for authentication but does no key exchange unless requested).
To make that work we'd have to change GSS_KRB5_CRED_NO_CI_FLAGS_X to
unset the CI flags rather than not set them by default.
More information about the krbdev