[2447] in Kerberos-V5-bugs
krb5-libs/183: GSSAPI fails to handle forwardable credentials
daemon@ATHENA.MIT.EDU (klmitch@MIT.EDU)
Tue Nov 12 19:09:24 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, klmitch@MIT.EDU
Date: Tue, 12 Nov 1996 19:08:47 -0500
From: klmitch@MIT.EDU
Reply-To: klmitch@MIT.EDU
To: krb5-bugs@MIT.EDU
>Number: 183
>Category: krb5-libs
>Synopsis: GSSAPI fails to handle forwardable credentials
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Nov 12 19:09:00 EST 1996
>Last-Modified:
>Originator: Kevin L Mitchell
>Organization:
mit
>Release: 1.0-development
>Environment:
System: SunOS starkiller 5.4 Generic_101945-37 sun4m sparc
>Description:
A test program I wrote does the following (the -d option tells it to
attempt to delegate credentials):
[starkiller]-[~]-> /var/klmitch/mycode/gss-test/client -d -s host starkiller this is a test
Message: this is a test
Service: host@starkiller
Host : starkiller
Port : 4444
Deleg : on
GSS-API error initializing context: Miscellaneous failure
GSS-API error initializing context: Generic error (see e-text)
[starkiller]-[~]-> /var/klmitch/mycode/gss-test/client -s host starkiller this is a test
Message: this is a test
Service: host@starkiller
Host : starkiller
Port : 4444
Deleg : off
Sending init_sec_context token (size 491)...continue needed...
(...and so on...)
all of which means that the GSSAPI fails to handle delegation of credentials.
Previously, it would forward them, but would fail to return the forwarded
credentials to the original caller (though it would set the delegation
flag).
>How-To-Repeat:
Perform a GSS-API init_sec_context/accept_sec_context handshake with
credential delegation turned on.
>Fix:
>Audit-Trail:
>Unformatted:
