Hi,
I am looking at MIT's GSS & Kerberos implementation release of 1.2.1. I noticed
that even if the client didn't set GSS_C_CONF_FLAG in the init_sec_context
request, it is always set when the context is established. I think this happens
as a result of the following:

    #define KG_IMPLFLAGS(x) (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \
                             GSS_C_TRANS_FLAG | GSS_C_PROT_READY_FLAG | \
                             ((x) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
                                     GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)))

in lib/gssapi/krb5/gssapiP_krb5.h. The above define is used in both accept and
init sec context functions. This results in the context always having privacy
enabled even if the client didn't ask for it.
Is there a reason for such generosity or is it just an oversight?
Thanks
= Ram Marti
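
The behaviour described in the message above, as an added example that is not part of the original post or of the MIT source: it applies the quoted macro to a constructed request and reports which flags are kept, added without being requested, or dropped. The flag values are those of the GSS-API C bindings (RFC 2744); struct flag_diff, diff_flags and print_mask are hypothetical helper names, and the result reflects the macro alone, not any other code path in the library.

```c
#include <stdio.h>
#include <stdint.h>

/* Flag values from the GSS-API C bindings (RFC 2744). */
#define GSS_C_DELEG_FLAG      1
#define GSS_C_MUTUAL_FLAG     2
#define GSS_C_REPLAY_FLAG     4
#define GSS_C_SEQUENCE_FLAG   8
#define GSS_C_CONF_FLAG       16
#define GSS_C_INTEG_FLAG      32
#define GSS_C_ANON_FLAG       64
#define GSS_C_PROT_READY_FLAG 128
#define GSS_C_TRANS_FLAG      256

/* Macro as quoted in the post (lib/gssapi/krb5/gssapiP_krb5.h). */
#define KG_IMPLFLAGS(x) (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \
                         GSS_C_TRANS_FLAG | GSS_C_PROT_READY_FLAG | \
                         ((x) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
                                 GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)))

/* Hypothetical helper type: how the context flags differ from the request. */
struct flag_diff {
    uint32_t kept;     /* requested and present on the context */
    uint32_t added;    /* present on the context but never requested */
    uint32_t dropped;  /* requested but absent from the context */
};

static struct flag_diff diff_flags(uint32_t req, uint32_t ret)
{
    struct flag_diff d = { req & ret, ret & ~req, req & ~ret };
    return d;
}

static void print_mask(const char *label, uint32_t mask)
{
    static const char *names[] = { "DELEG", "MUTUAL", "REPLAY", "SEQUENCE",
                                   "CONF", "INTEG", "ANON", "PROT_READY", "TRANS" };
    printf("%-9s", label);
    for (unsigned i = 0; i < 9; i++)
        if (mask & (1u << i))
            printf(" %s", names[i]);
    printf("\n");
}

int main(void)
{
    uint32_t req = GSS_C_MUTUAL_FLAG | GSS_C_ANON_FLAG; /* constructed request */
    struct flag_diff d = diff_flags(req, KG_IMPLFLAGS(req));
    print_mask("kept:", d.kept);
    print_mask("added:", d.added);
    print_mask("dropped:", d.dropped);
    return 0;
}
```

A caller that depends on a service being present or absent has to inspect the returned flags rather than assume they mirror the request.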