
Re: ASN.1 BITSTRING and NegTokenInit.reqFlags




On 23 Feb 2008, at 17:09, Michael B Allen wrote:

> On Sat, 23 Feb 2008 11:29:06 +0100
> Love Hörnquist Åstrand <lha@kth.se> wrote:
>
>> Hello Michael,
>>
>>> Heimdal's NegTokenInit.reqFlags is unconditionally set to NULL in
>>> lib/gssapi/spnego/init_sec_context.c:spnego_initial. It seems this
>>> causes AD to think that it should do whatever it wants which is to use
>>> both integrity and confidentiality. If you then don't use integrity on
>>> LDAP SASL buffers, AD will simply not respond and the LDAP operation
>>> will time out. If you don't use confidentiality on LDAP SASL buffers,
>>> AD will return encrypted responses.
>>>

> Excellent. So by the time I migrate from 0.7.2 it should all work.

Except that Heimdal SPNEGO still doesn't send ContextFlags, so if this  
is your problem, you'll still have it.

Love
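
The thread concerns the optional reqFlags field of the SPNEGO NegTokenInit, an ASN.1 BIT STRING of ContextFlags. As an added example (not part of the original message and not Heimdal code), this Python sketch produces the DER bytes that field carries for a chosen set of flags and decodes them back, which helps when checking a captured token for the field; the bit names and positions are those of RFC 4178, and the function names are hypothetical.

```python
# Added example: DER encoding of NegTokenInit.reqFlags, i.e.
#   reqFlags [1] ContextFlags OPTIONAL, ContextFlags ::= BIT STRING { ... }
# Bit positions are the named bits from RFC 4178; bit 0 is the most
# significant bit of the first content octet.
CONTEXT_FLAGS = ["delegFlag", "mutualFlag", "replayFlag", "sequenceFlag",
                 "anonFlag", "confFlag", "integFlag"]


def encode_req_flags(names):
    """Return the DER bytes of the [1] EXPLICIT BIT STRING for these flags."""
    bits = sorted(CONTEXT_FLAGS.index(n) for n in names)
    if not bits:
        body = b"\x00"                       # empty bit string, 0 unused bits
    else:
        top = bits[-1]                       # DER drops trailing zero bits
        buf = bytearray(top // 8 + 1)
        for b in bits:
            buf[b // 8] |= 0x80 >> (b % 8)
        body = bytes([7 - (top % 8)]) + bytes(buf)   # unused-bit count first
    bit_string = b"\x03" + bytes([len(body)]) + body
    return b"\xa1" + bytes([len(bit_string)]) + bit_string


def decode_req_flags(der):
    """Parse a [1] reqFlags element and return the list of flag names set."""
    if len(der) < 5 or der[0] != 0xA1 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed [1] reqFlags element")
    inner = der[2:]
    if inner[0] != 0x03 or inner[1] != len(inner) - 2:
        raise ValueError("inner element is not a BIT STRING")
    unused, data = inner[2], inner[3:]
    if unused > 7 or (not data and unused):
        raise ValueError("invalid unused-bit count")
    nbits = len(data) * 8 - unused
    return [name for i, name in enumerate(CONTEXT_FLAGS)
            if i < nbits and data[i // 8] & (0x80 >> (i % 8))]


if __name__ == "__main__":
    token_field = encode_req_flags(["confFlag", "integFlag"])
    print(token_field.hex(), decode_req_flags(token_field))
```
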