Suppressing conf/integ flags in krb5 GSS tokens

Nico Williams nico at cryptonector.com
Mon Jun 1 00:37:23 EDT 2015

Previous message: Suppressing conf/integ flags in krb5 GSS tokens
Next message: Suppressing conf/integ flags in krb5 GSS tokens
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Greg objects to SPNEGO not requesting GSS_C_INTEG_FLAG, and I tend to
agree (since it's possible to design a mechanism that uses -say- bearer
tokens for authentication but does no key exchange unless requested).

To make that work we'd have to change GSS_KRB5_CRED_NO_CI_FLAGS_X to
unset the CI flags rather than not set them by default.

Nico
--

Previous message: Suppressing conf/integ flags in krb5 GSS tokens
Next message: Suppressing conf/integ flags in krb5 GSS tokens
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the krbdev mailing list