** Changed in: heimdal (Ubuntu)
Status: New => Opinion
** Changed in: heimdal (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/849349
Title:
libgssapi2-heimdal init_auth() discards configured enctypes
Status in “heimdal” package in Ubuntu:
Opinion
Bug description:
Heimdal's libgssapi init_auth() makes a call to
krb5_set_default_in_tkt_etypes() to support certain NFS clients.
However, this call is always made, and thus can also be made when the
second argument passed can be NULL. The behaviour of
krb5_set_default_in_tkt_etypes() in such an invocation is to reset the
GSS-API context to requesting keys with any enctype supported by the
client libraries.
The unfortunate side effect of this is that the list of desired
enctypes requested by clients now no longer matches the list of
approved enctypes specified in the system krb5.conf, and as such *all*
GSS-API initiators effectively ignore the admin-configured list of
desired enctypes.
The proper fix is to call krb5_set_default_in_tkt_etypes() if and only
if the second argument is not NULL, as per the attached patch.
The patch has already been submitted upstream against 1.5, but also
applies cleanly to all versions of Heimdal from at least Lucid
(1.2.e1.dfsg.1-1ubuntu1) onwards.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/849349/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
