RT RT/krbdev.mit.edu: Ticket #2591 If channel bindings are supplied to server require them to be matched. Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
2591
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.4
Target_Version
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Wed Jun 9 14:30:05 2004
Starts: Not set
Started: Wed Jun 9 14:30:07 2004
Last Contact: Not set
Due: Not set
Updated: Mon Nov 15 22:22:11 2004 by tlyu
 

 People  
Owner
 hartmans
Requestors
 hartmans@mit.edu
Cc
 
AdminCc
 
 

 More about Sam Hartman  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Wed Jun  9 14:30:05 2004  hartmans - Ticket created    
     
From: hartmans@mit.edu
Subject: CVS Commit

Based on discussion on kerberos@mit.edu, the decision to allow null
channel bindings from a client to match even when server channel
bindings are supplied is flawed.  This decision assumes that we cannot
get server implementations to change even though we are able to deploy
a new Kerberos implementation on the server.  In practice the server
implementations in question have actually changed and so the only part
of revision 1.54 of accept_sec_context.c we actually need is the code
to ignore channel bindings if null channel bindings are passed into
the server.  Thus the change to allow null channel bindings from the
client to match against any channel bindings on the server is backed
out.


To generate a diff of this commit:



	cvs diff -r1.254 -r1.255 krb5/src/lib/gssapi/krb5/ChangeLog
	cvs diff -r1.88 -r1.89
		krb5/src/lib/gssapi/krb5/accept_sec_context.c


Download (untitled) 869b
      Wed Jun  9 14:30:07 2004  hartmans - Status changed from new to resolved    
      Wed Jun  9 14:30:07 2004  hartmans - Requestor hartmans@mit.edu added    
      Mon Nov 15 22:22:11 2004  tlyu - Version_Fixed 1.4 added