libgssapi2-heimdal init_auth() discards configured enctypes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
heimdal (Ubuntu) |
Opinion
|
Low
|
Unassigned |
Bug Description
Heimdal's libgssapi init_auth() makes a call to krb5_set_
The unfortunate side effect of this is that the list of desired enctypes requested by clients now no longer matches the list of approved enctypes specified in the system krb5.conf, and as such *all* GSS-API initiators effectively ignore the admin-configured list of desired enctypes.
The proper fix is to call krb5_set_
The patch has already been submitted upstream against 1.5, but also applies cleanly to all versions of Heimdal from at least Lucid (1.2.e1.
Changed in heimdal (Ubuntu): | |
status: | New → Opinion |
importance: | Undecided → Low |
A reply from the upstream developer to my upstream patch submission has revealed that fixing this bug exposes another edge-case bug elsewhere.
A decision on what to do upstream is pending.