Skip Menu |

To: krb5-bugs@MIT.EDU
Subject: FAST options bit ordering is backwards
From: Tom Yu <tlyu@MIT.EDU>
Date: Fri, 14 Jun 2013 18:57:00 -0400
FAST option bits in k5-int.h are backwards from the specification in
RFC 6113. As a result, we treat the wrong 16 bits as critical FAST
options. This would be relatively easy to fix except that Heimdal
apparently sends the hide-client-names (1) option (and also gets the
bit order correct).
We need to:

1. Fix the flag and mask values in k5-int.h.

2. Implement the hide-client-names option bit in the KDC, so we don't
break interoperability with Heimdal clients.

3. Inform the kitten working group that krb5 1.7-1.11 will erroneously
consider flag bits 25-32 to be critical.
#7700 implements hide-client names and #7701 fixes the FAST option