Question on Kerberos (GSSAPI) auth

[Ron Frederick]

I’m working on an implementation of “gssapi-with-mic” authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I’ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462. Specifically, RFC 4462 says the following in section 3.4:

   Since the user authentication process by its nature authenticates
   only the client, the setting of mutual_req_flag is not needed for
   this process.  This flag SHOULD be set to "false".

However, when I try to have my implementation not set this flag and just send a GSSAPI_TOKEN message immediately followed by a GSSAPI_MIC message without waiting for a server token (since the authentication is complete as soon as the client token is sent when mutual auth is disabled), I get a failure from OpenSSH:

Failed gssapi-with-mic for ronf from 74.93.13.193 port 64645 ssh2

If I turn on mutual authentication in my client context (going against the recommendation in the RFC) and wait for a token to come back from the server before I send the GSSAPI_MIC message, the authentication succeeds.

Looking at the OpenSSH source code, I see that it always unconditionally enables mutual authentication in the client contexts it allocates. In ssh_gssapi_init_ctx, it does the following:

        ctx->major = gss_init_sec_context(&ctx->minor,
            GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
            GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
            0, NULL, recv_tok, NULL, send_tok, flags, NULL);

I don’t see anything in the RFC 4462 errata about this recommendation having changed. Does anyone know why OpenSSH enables this? It makes sense for GSSAPI key exchange (which OpenSSH doesn’t seem to implement), but not for GSSAPI authentication.
-- 
Ron Frederick
ronf at timeheart.net