I have a problem on OpenSolaris with the GSSAPI. When I use the MIT gss-sample program (with minor changes, see attachment) I don't get all the context flags transferred to the server. It looks like a bug somewhere in the gssapi. Has anybody seen this issue or know what is wrong?
Thanks
Markus
On OpenSolaris:
$ uname -a
SunOS server1.test.com 5.11 snv_23 i86pc i386 i86pc
The first and second request sends flags:
GSS_C_MUTUAL_FLAG
GSS_C_REPLAY_FLAG
GSS_C_CONF_FLAG
GSS_C_INTEG_FLAG
$ ./gss-client -port 10000 server1.test.com host Hello
Sending init_sec_context token (size=1759)...continue needed...
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 24621, flags 1b6,
locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.
$ ./gss-client -port 10000 server1.test.com host Hello
Sending init_sec_context token (size=1758)...continue needed...
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 24618, flags 1b6,
locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.
The server receives for the first request:
GSS_C_DELEG_FLAG
GSS_C_REPLAY_FLAG
GSS_C_INTEG_FLAG
and for the second only:
GSS_C_DELEG_FLAG
$ /src/user1/gss-sample/gss-server -port 10000 host
context flag: GSS_C_DELEG_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_INTEG_FLAG
Accepted connection: "[EMAIL PROTECTED]"
Received message: "Hello"
NOOP token
context flag: GSS_C_DELEG_FLAG
Accepted connection: "[EMAIL PROTECTED]"
Received message: "Hello"
NOOP token
Whereas on Solaris 10 I get the expected result with the server getting the
exact 4 flags the client sent:
GSS_C_MUTUAL_FLAG
GSS_C_REPLAY_FLAG
GSS_C_CONF_FLAG
GSS_C_INTEG_FLAG
Solaris 10
$ uname -a
SunOS server2.test.com 5.10 Generic_118822-18 sun4u sparc SUNW,Ultra-5_10
$ ./gss-client -port 10000 server2.test.com host Hello
Sending init_sec_context token (size=1755)...continue needed...
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 26716, flags 1b6,
locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.
$ ./gss-client -port 10000 server2.test.com host Hello
Sending init_sec_context token (size=1756)...continue needed...
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[EMAIL PROTECTED]" to "host/[EMAIL PROTECTED]", lifetime 26714, flags 1b6,
locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.
$ ./gss-server -port 10000 host
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
Accepted connection: "[EMAIL PROTECTED]"
Received message: "Hello"
NOOP token
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
Accepted connection: "[EMAIL PROTECTED]"
Received message: "Hello"
NOOP token
This message posted from opensolaris.org
gss-test.tar.bz2
Description: BZip2 compressed data
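The comparison described in the post, as an added example that is not part of the original message or of the MIT gss-sample code: it decodes a GSS-API context flag mask into flag names and reports which flags the initiator established that the acceptor does not show. The bit values are those defined in RFC 2744; the function names and the masks (rebuilt from the flag names printed above) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Bit values from RFC 2744 (GSS-API C bindings), redefined here so the
 * example builds without the GSS-API headers. */
static const struct { unsigned int bit; const char *name; } GSS_FLAGS[] = {
    {0x001, "GSS_C_DELEG_FLAG"},  {0x002, "GSS_C_MUTUAL_FLAG"},
    {0x004, "GSS_C_REPLAY_FLAG"}, {0x008, "GSS_C_SEQUENCE_FLAG"},
    {0x010, "GSS_C_CONF_FLAG"},   {0x020, "GSS_C_INTEG_FLAG"},
    {0x040, "GSS_C_ANON_FLAG"},   {0x080, "GSS_C_PROT_READY_FLAG"},
    {0x100, "GSS_C_TRANS_FLAG"},
};
#define NFLAGS (sizeof GSS_FLAGS / sizeof GSS_FLAGS[0])

/* Write the names of the bits set in mask into buf, space separated.
 * Returns how many flag names were written. */
int describe_flags(unsigned int mask, char *buf, size_t len)
{
    int n = 0;
    size_t used = 0;
    if (len == 0) return 0;
    buf[0] = '\0';
    for (size_t i = 0; i < NFLAGS; i++) {
        if (!(mask & GSS_FLAGS[i].bit)) continue;
        int w = snprintf(buf + used, len - used, "%s%s", n ? " " : "",
                         GSS_FLAGS[i].name);
        if (w < 0 || (size_t)w >= len - used) { buf[used] = '\0'; break; }
        used += (size_t)w;
        n++;
    }
    return n;
}

/* Bits set in `have` on one side that the other side (`seen`) lacks. */
unsigned int flags_lacking(unsigned int have, unsigned int seen)
{
    return have & ~seen;
}

int main(void)
{
    /* Masks rebuilt from the flag names printed in the post. */
    unsigned int client = 0x36;           /* MUTUAL|REPLAY|CONF|INTEG */
    unsigned int server[] = {0x25, 0x01}; /* snv_23 acceptor, requests 1, 2 */
    char buf[256];
    for (int i = 0; i < 2; i++) {
        describe_flags(flags_lacking(client, server[i]), buf, sizeof buf);
        printf("request %d, lost on acceptor: %s\n", i + 1, buf);
    }
    return 0;
}
```

Calling `flags_lacking(server, client)` with the arguments swapped gives the flags the acceptor shows that the initiator never had, which is `GSS_C_DELEG_FLAG` for both snv_23 requests.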
