Re: Bug 3480 - gssapi (cvs) breaks when external_ssf >= max_ssf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


>We were dealing recently with this bug in our environment and since 
>there is no official statement from authors, I'm CC'ing also author of 
>this commit [1], who is also author of RFC [2], if I got this right. I 
>was reading through the RFC and this commit does it exactly according to 
>specification, but it looks like it is not backward compatible with some 
>other implementations, namely M$ ActiveDirectory or even 
>cyrus-sasl-2.1.23. Interoperability is important for us and we can't 
>leave this change here only because of "it's in RFC". If I see 
>correctly, most of distributions reverted this commit in their releases 
>and they are still doing fine. We will probably join them, if there will 
>not be any other solution to maintain backward compatibility.

You know, a reading of the RFC says that if you're requesting a security
layer you MUST set the mutual_req_flag flag to TRUE, but it does not
say that you MUST set it to false if you are not.  So my reading of
the code says that it's RFC compliant without this change.  And honestly,
I cannot really envision a reason why you ever NOT want mutual
authentication (I am neutral on the sequence flag, but I cannot see the
harm in setting it).


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux