Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: SVN Commit
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 549


When IAKERB support was added, the krb5_mk_req checksum function
gained access to the send subkey.  This caused GSSAPI forwarded
credentials to be encrypted in the subkey, which violates RFC 4121
section 4.1.1 and is not accepted by Microsoft's implementation.
Temporarily null out the send subkey in the auth context so that
krb5_mk_ncred uses the session key instead.


https://github.com/krb5/krb5/commit/bb441175c30679eb913a839b87478b96923bbaae
Commit By: ghudson
Revision: 24399
Changed Files:
U   trunk/src/lib/gssapi/krb5/init_sec_context.c