[11717] in Kerberos-V5-bugs
[krbdev.mit.edu #6768] SVN Commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Sep 30 23:45:49 2010
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
Date: Thu, 30 Sep 2010 23:45:44 -0400 (EDT)
When IAKERB support was added, the krb5_mk_req checksum function
gained access to the send subkey. This caused GSSAPI forwarded
credentials to be encrypted in the subkey, which violates RFC 4121
section 4.1.1 and is not accepted by Microsoft's implementation.
Temporarily null out the send subkey in the auth context so that
krb5_mk_ncred uses the session key instead.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24399
Commit By: ghudson
Revision: 24399
Changed Files:
U trunk/src/lib/gssapi/krb5/init_sec_context.c