Comment 12 for bug 551901

Sam Hartman (hartmans) wrote : Re: [Bug 551901] Re: likewise-open fails to join Windows 2000 SP4 domain

I don't see an upstream krb5 bug for this issue.
I would recommend against applying this patch until someone familiar
with the SPNEGO security model and the code has evaluated it.

Basically, certain versions of Windows produce bad SPNEGO tokens. It's
appropriate to ignore these in some situations spelled out in the RFC,
but doing so creates a significant security issue in others. I suspect that this
may be OK, but I don't have the SPNEGO state machine in my head now, nor
do I have the MIT SPNEGO code in my head now. The easiest way to get
comfortable with this patch would be for upstream krb5 to evaluate it:
they have been working on the SPNEGO code a lot lately so it would
probably require less effort for them.