[Bug 1643708] Please test proposed package
Timo Aaltonen
tjaalton at ubuntu.com
Fri Dec 16 10:22:22 UTC 2016
Hello Joshua, or anyone else affected,
Accepted krb5 into yakkety-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/krb5/1.14.3+dfsg-
2ubuntu1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed. In either case, details of your testing will help
us make a better decision.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1643708
Title:
Add SPNEGO special case for NTLMSSP+MechListMIC
Status in krb5 package in Ubuntu:
Fix Released
Status in krb5 source package in Trusty:
Fix Committed
Status in krb5 source package in Xenial:
Fix Committed
Status in krb5 source package in Yakkety:
Fix Committed
Bug description:
[Impact]
MS-SPNG section 3.3.5.1 documents an odd behavior the SPNEGO layer
needs to implement specifically for the NTLMSSP mechanism. This is
required for compatibility with Windows services.
Upstream commit:
https://github.com/krb5/krb5/commit/cb96ca52a3354e5a0ea52e12495ff375de54f9b7
We've run into this issue with Linux to Windows negotiation with
encrypted http using GSSAPI.
[Test Case]
create a file with some credentials:
$ echo F23:guest:guest > ~/ntlmcreds.txt
$ export NTLM_USER_FILE=~/ntlmcreds.txt
$ python
import gssapi
spnego = gssapi.raw.oids.OID.from_int_seq('1.3.6.1.5.5.2')
c = gssapi.creds.Credentials(mechs=[spnego], usage='initiate')
tname = gssapi.raw.names.import_name("F23/server", name_type=gssapi.raw.types.NameType.hostbased_service)
ac = gssapi.creds.Credentials(mechs=[spnego], usage='accept')
seci = gssapi.SecurityContext(creds=c, name=tname, mech=spnego, usage='initiate')
seca = gssapi.SecurityContext(creds=ac, usage='accept')
it = seci.step(token=None)
ot = seca.step(token=it)
it = seci.step(token=ot)
ot = seca.step(token=it)
it = seci.step(token=ot)
e = seci.wrap("Secrets", True)
o = seca.unwrap(e.message)
o.message
'Secrets'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1643708/+subscriptions
More information about the foundations-bugs
mailing list