[16804] in Kerberos_V5_Development
Re: gss_krb5_export_lucid_sec_context broken since 1.7?
daemon@ATHENA.MIT.EDU (Kevin Coffman)
Mon May 9 09:54:21 2011
MIME-Version: 1.0
In-Reply-To: <201105061759.p46HxcvG013218@outgoing.mit.edu>
Date: Mon, 9 May 2011 09:54:16 -0400
Message-ID: <BANLkTikPgceBAqZAHVFMtHc7Ax+313LExA@mail.gmail.com>
From: Kevin Coffman <kwc@citi.umich.edu>
To: ghudson@mit.edu
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Greg,
I will do some specific testing Wednesday, but I have not heard of any
issues. If this change was in the mechglue area, that might explain
it. We currently use our own libgssglue for gssd (I can provide
history if you're interested...).
K.C.
On Fri, May 6, 2011 at 1:59 PM, <ghudson@mit.edu> wrote:
> While working on the kernel subset, I ran into an apparent fatal bug
> in gss_krb5_export_lucid_sec_context. Since this function was
> rewritten in 1.7 to use gss_inquire_sec_context_by_oid, it's been
> calling krb5_gss_delete_sec_context on a union context, which
> invariably causes a crash.
>
> The fix is easy. What confuses me is why this hasn't been bothering
> Linux-NFS users, while much more subtle issues have been (like
> acceptor subkey enctype negotiation). Does anyone have any insight?
> I think there are things I don't understand about the glue between
> gssd and the MIT krb5 code.
>
>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
