I think I found the issue. It is bug 6310540 http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6310540
Markus

"Markus Moeller" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> I have a problem on OpenSolaris with the GSSAPI. When I use the MIT
> gss-sample program (with minor changes e.g. included gssapi header file)
> I don't get all the context flags transferred to the server. It looks like
> a bug somewhere in the gssapi. Has anybody seen this issue or know what is
> wrong in the sample program? BTW it works on Solaris 10.
>
> Thanks
> Markus
>
> On OpenSolaris:
>
> $ uname -a
> SunOS server1.test.com 5.11 snv_23 i86pc i386 i86pc
>
> The first and second requests send flags:
> GSS_C_MUTUAL_FLAG
> GSS_C_REPLAY_FLAG
> GSS_C_CONF_FLAG
> GSS_C_INTEG_FLAG
>
> $ ./gss-client -port 10000 server1.test.com host Hello
> Sending init_sec_context token (size=1759)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 24621, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
> $ ./gss-client -port 10000 server1.test.com host Hello
> Sending init_sec_context token (size=1758)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 24618, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
> The server receives for the first request:
> GSS_C_DELEG_FLAG
> GSS_C_REPLAY_FLAG
> GSS_C_INTEG_FLAG
>
> and for the second only:
> GSS_C_DELEG_FLAG
>
> $ /src/user1/gss-sample/gss-server -port 10000 host
> context flag: GSS_C_DELEG_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_INTEG_FLAG
> Accepted connection: "[EMAIL PROTECTED]"
> Received message: "Hello"
> NOOP token
> context flag: GSS_C_DELEG_FLAG
> Accepted connection: "[EMAIL PROTECTED]"
> Received message: "Hello"
> NOOP token
>
> Whereas on Solaris 10 I get the expected result with the server getting the
> exact 4 flags the client sent:
> GSS_C_MUTUAL_FLAG
> GSS_C_REPLAY_FLAG
> GSS_C_CONF_FLAG
> GSS_C_INTEG_FLAG
>
> Solaris 10
> $ uname -a
> SunOS server2.test.com 5.10 Generic_118822-18 sun4u sparc SUNW,Ultra-5_10
>
> $ ./gss-client -port 10000 server2.test.com host Hello
> Sending init_sec_context token (size=1755)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 26716, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
> $ ./gss-client -port 10000 server2.test.com host Hello
> Sending init_sec_context token (size=1756)...continue needed...
>
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> "[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 26714, flags 1b6, locally initiated, open
> Name type of source name is { 1 2 840 113554 1 2 1 1 }.
> Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
> 0: { 1 2 840 113554 1 2 1 1 }
> 1: { 1 2 840 113554 1 2 1 2 }
> 2: { 1 2 840 113554 1 2 1 3 }
> 3: { 1 3 6 1 5 6 2 }
> 4: { 1 3 6 1 5 6 2 }
> 5: { 1 3 6 1 5 6 4 }
> 6: { 1 2 840 113554 1 2 1 1 }
> 7: { 1 2 840 113554 1 2 2 2 }
> Signature verified.
>
> $ ./gss-server -port 10000 host
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> Accepted connection: "[EMAIL PROTECTED]"
> Received message: "Hello"
> NOOP token
> context flag: GSS_C_MUTUAL_FLAG
> context flag: GSS_C_REPLAY_FLAG
> context flag: GSS_C_CONF_FLAG
> context flag: GSS_C_INTEG_FLAG
> Accepted connection: "[EMAIL PROTECTED]"
> Received message: "Hello"
> NOOP token
>
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
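
Added example, not part of the original thread and not code from gss-sample: a small C decoder for the context flag word, used to compare the initiator's flags (the `1b6` in the client output above) with what each server run reported. The bit values are those of RFC 2744; the acceptor values and the function names are constructed here from the flag names the server printed, and comparing only the six flags the sample programs print is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Context flag bits as defined in RFC 2744 (GSS-API C bindings). */
static const struct { unsigned bit; const char *name; } gss_flags[] = {
    { 1,   "GSS_C_DELEG_FLAG" },  { 2,   "GSS_C_MUTUAL_FLAG" },
    { 4,   "GSS_C_REPLAY_FLAG" }, { 8,   "GSS_C_SEQUENCE_FLAG" },
    { 16,  "GSS_C_CONF_FLAG" },   { 32,  "GSS_C_INTEG_FLAG" },
    { 64,  "GSS_C_ANON_FLAG" },   { 128, "GSS_C_PROT_READY_FLAG" },
    { 256, "GSS_C_TRANS_FLAG" },
};
#define NFLAGS (sizeof gss_flags / sizeof gss_flags[0])
/* Assumption: only the six flags the sample programs print are compared. */
#define SERVICE_MASK 0x3fu

/* Write the names of all set bits into buf; return the number of names. */
int decode_flags(unsigned flags, char *buf, size_t len)
{
    int n = 0;
    if (len == 0) return 0;
    buf[0] = '\0';
    for (size_t i = 0; i < NFLAGS; i++) {
        if (!(flags & gss_flags[i].bit)) continue;
        size_t used = strlen(buf);
        snprintf(buf + used, len - used, "%s%s", n ? " " : "", gss_flags[i].name);
        n++;
    }
    return n;
}

/* Service flags the initiator holds that the acceptor does not report. */
unsigned missing_on_acceptor(unsigned init, unsigned acc) { return init & SERVICE_MASK & ~acc; }
/* Service flags the acceptor reports that the initiator never held. */
unsigned unexpected_on_acceptor(unsigned init, unsigned acc) { return acc & SERVICE_MASK & ~init; }

int main(void)
{
    /* 0x1b6: client output on the page. Acceptor values are constructed from the
       names each server run printed: OpenSolaris 1st, OpenSolaris 2nd, Solaris 10. */
    const unsigned init = 0x1b6, acc[] = { 0x25, 0x01, 0x36 };
    char miss[256], extra[256];
    for (size_t i = 0; i < 3; i++) {
        decode_flags(missing_on_acceptor(init, acc[i]), miss, sizeof miss);
        decode_flags(unexpected_on_acceptor(init, acc[i]), extra, sizeof extra);
        printf("acceptor 0x%02x missing [%s] unexpected [%s]\n", acc[i], miss, extra);
    }
    return 0;
}
```

Decoding `1b6` also shows two bits, GSS_C_PROT_READY_FLAG and GSS_C_TRANS_FLAG, that are set in the client's flag word but do not appear among the four `context flag:` lines printed.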
