Suppressing conf/integ flags in krb5 GSS tokens

Benjamin Kaduk kaduk at MIT.EDU
Mon Jun 1 13:04:22 EDT 2015

On Mon, 1 Jun 2015, Nico Williams wrote:

> On Sun, May 31, 2015 at 01:59:24PM -0400, Greg Hudson wrote:
> > Comments?
> Heimdal's SPNEGO implementation neither checks the the GSS_C_INTEG_FLAG
> ret_flag, nor requests it as a req_flag.  Heimdal's SPNEGO discovers
> integrity support by calling gss_get_mic(): if it returns GSS_S_UNAVAIL,
> then integrity support is not provided, otherwise it is.  Heimdal also
> assumes that if a MIC is received then integrity support must be
> available.

It's not clear how generic that assumption is, because...

> I believe calling GSS_GetMIC() and GSS_VerifyMIC() even when
> GSS_C_INTEG_FLAG is not set in ret_flags is perfectly permissible in
> RFC2743.

That seems correct.  Section 1.2.2:

   GSS-API callers desiring per-message security services should check
   the values of these flags at context establishment time, and must be
   aware that a returned FALSE value for integ_avail means that
   invocation of GSS_GetMIC() or GSS_Wrap() primitives on the associated
   context will apply no cryptographic protection to user data messages.

Note that this seems to imply that you can generate a MIC which provides
no integrity benefit, calling the above assumption into question.


More information about the krbdev mailing list