[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [patch] miscellaneous mechglue stuff

To: lukeh@PADL.COM
Subject: Re: [patch] miscellaneous mechglue stuff
From: Michael B Allen <mba2000@ioplex.com>
Date: Sun, 30 Apr 2006 21:43:45 -0400
Cc: heimdal-discuss@sics.se
In-Reply-To: <200605010021.k410LsVg055134@au.padl.com>
References: <200605010021.k410LsVg055134@au.padl.com>
Sender: owner-heimdal-discuss@sics.se

On Mon, 1 May 2006 10:21:54 +1000
Luke Howard <lukeh@PADL.COM> wrote:

> 
> >>     if (authenticator->cksum->cksumtype == CKSUMTYPE_RSA_MD5) {
> >>         ret = krb5_verify_checksum(gssapi_krb5_context,
> >>             NULL, 0, NULL, 0, authenticator->cksum);
             flags = 0;
> >>     } else {
> >>         ret = gssapi_krb5_verify_8003_checksum(minor_status,
> 
> Also be careful to initialize flags = 0 if you do not call
> gssapi_krb5_verify_8003_checksum().

Mmm, do we REALLY want it 0 or should be just mask off certain bits? I
recall reading about this but I confess I don't fully understand the
implications regarding how the flags are communicated in the authenticator
checksum. With that break mutual?

Mike

Follow-Ups:
- Re: [patch] miscellaneous mechglue stuff
  - From: Luke Howard <lukeh@PADL.COM>
- Re: [patch] miscellaneous mechglue stuff
  - From: Luke Howard <lukeh@PADL.COM>

References:
- Re: [patch] miscellaneous mechglue stuff
  - From: Luke Howard <lukeh@PADL.COM>

Prev by Date: Re: [patch] miscellaneous mechglue stuff
Next by Date: Re: [patch] miscellaneous mechglue stuff
Prev by thread: Re: [patch] miscellaneous mechglue stuff
Next by thread: Re: [patch] miscellaneous mechglue stuff
Index(es):
- Date
- Thread