[Bug 1218] GSSAPI client code permits SPNEGO usage

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Aug 18 00:51:28 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1218

           Summary: GSSAPI client code permits SPNEGO usage
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Kerberos support
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: simon at sxw.org.uk


RFC4462 states that "mechanisms conforming to this document MUST NOT
use SPNEGO as the underlying GSS-API mechanism".

Unfortunately, the check in the GSSAPI client code has disappeared
somewhere in the midsts
of time. The attached patch reinstates this check, as well as tidying
up the mechanism checking
code.

I hope its in suitable KNF.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-bugs mailing list