Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Don't equate IAKERB and krb5 in SPNEGO initiator

To work around a historical bug in Samba, the SPNEGO initiator treats
a counterproposal as matching the optimistic token if both are aliases
for the krb5 mech. When IAKERB support was added (#6712), IAKERB was
unintentionally added to the set of mech OIDs which were considered to
be krb5 aliases for this purpose.

Remove IAKERB from gss_mech_set_krb5_both and create a new internal
mech set, kg_all_mechs, for use by krb5_gss_indicate_mechs.

https://github.com/krb5/krb5/commit/887951cd141dd2253912a17da08da016a8030a24
Author: Greg Hudson <ghudson@mit.edu>
Commit: 887951cd141dd2253912a17da08da016a8030a24
Branch: master
src/lib/gssapi/krb5/gssapiP_krb5.h | 2 ++
src/lib/gssapi/krb5/gssapi_krb5.c | 6 +++---
src/lib/gssapi/krb5/indicate_mechs.c | 2 +-
3 files changed, 6 insertions(+), 4 deletions(-)