[Bug 551901] Re: likewise-open fails to join Windows 2000 SP4 domain

Sam Hartman hartmans at debian.org
Wed Apr 14 19:16:07 BST 2010


I don't see a upstream krb5 bug for this issue.
I would recommend against applying this patch  until someone familiar
with the SPNEGO  security model and the code has evaluated it.

Basically, certain versions of Windows produce bad SPNEGO tokens.  It's
appropriate to ignore these in some situations spelled out in the RFC,
but creates a significant security issue in others.  I suspect that this
may be OK, but I don't have the spnego state machine in my head now, nor
do I have the MIT SPNEGO code in my head now.  The easiest way to get
comfortable with this patch would be for upstream krb5 to evaluate it:
they have been working on the SPNEGO code a lot lately so it would
probably require less effort for them.

-- 
likewise-open fails to join Windows 2000 SP4 domain
https://bugs.launchpad.net/bugs/551901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.



More information about the Ubuntu-server-bugs mailing list