On Fri, Jan 30, 2004 at 04:43:51PM -0500, Jeffrey Hutzelman wrote:
> Indeed, it does. The server is not supposed to check the state of the
> mutual_flag of a context accepted for gssapi-with-mic user auth. I know
> the draft is not entirely clear on this point; would it help if there were
> text indicating the server MUST NOT do this?

For completeness' sake, yes. The client (SHOULD NOT | MAY) set
GSS_C_MUTUAL for gssapi-with-mic, but the server MUST ignore the state of
the GSS_C_MUTUAL flag for gssapi-with-mic.

> Also, I've not actually read this code, other than what's quoted above, but
> I hope that's not the only place that flags are checked. I'm assuming the
> openssh code actually implements -07 and 'gssapi-with-mic'. In the new
> method, the client's final message is either SSH_MSG_USERAUTH_GSSAPI_MIC or
> SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, depending entirely on whether
> GSS_C_INTEG_FLAG is set. The server is REQUIRED to fail the authentication
> if the client sends the wrong message; this means the value of
> GSS_C_INTEG_FLAG must be tested.

Right. Further, the text should say that the server MAY always reject
SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE since there's no generic
interface for determining whether a context doesn't have the GSS_C_INTEG
flag set because the client left it off or because the mechanism doesn't
support GSS_C_INTEG.

Nico

--
________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
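The server-side rule discussed in this thread, written out as an added example (not code from the thread, the draft, or OpenSSH): the acceptor ignores GSS_C_MUTUAL_FLAG, requires the final message type to match GSS_C_INTEG_FLAG, and optionally applies the "MAY always reject EXCHANGE_COMPLETE" policy. The AcceptedContext class is a constructed stand-in for a real acceptor context; the message numbers are the RFC 4462 values and the flag bits are the RFC 2744 values.

```python
from dataclasses import dataclass

# RFC 2744 flag bits as returned in ret_flags by gss_accept_sec_context()
GSS_C_MUTUAL_FLAG = 2
GSS_C_INTEG_FLAG = 32

# RFC 4462 user-authentication message numbers
SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE = 63
SSH_MSG_USERAUTH_GSSAPI_MIC = 66


@dataclass
class AcceptedContext:
    """Constructed stand-in for an established GSS-API acceptor context."""
    ret_flags: int  # flags the mechanism actually negotiated


def server_accepts_final_message(ctx: AcceptedContext, msg_type: int,
                                 require_mic: bool = False) -> bool:
    """Return True iff the server may continue gssapi-with-mic user auth.

    - GSS_C_MUTUAL_FLAG is deliberately never consulted: the server MUST
      ignore it for gssapi-with-mic.
    - The client's final message must be SSH_MSG_USERAUTH_GSSAPI_MIC when
      GSS_C_INTEG_FLAG is set and SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE
      when it is not; the server MUST fail auth on any other pairing.
    - require_mic implements the "MAY always reject EXCHANGE_COMPLETE"
      policy: the server cannot distinguish a mechanism that lacks integrity
      from a client that simply did not request it, so it may refuse both.
    """
    integ = bool(ctx.ret_flags & GSS_C_INTEG_FLAG)
    if msg_type == SSH_MSG_USERAUTH_GSSAPI_MIC:
        # A MIC message is only valid when integrity was negotiated.
        return integ
    if msg_type == SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE:
        # Only valid without integrity, and only if policy allows it at all.
        return (not integ) and not require_mic
    # Any other message type at this point is a protocol violation.
    return False
```

This decides only whether the message type is consistent with the context; a MIC message must additionally have its MIC verified against the context before the user is accepted.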
