Bruce is saying that he tested Trusty as well. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1643708
Title: Add SPNEGO special case for NTLMSSP+MechListMIC Status in krb5 package in Ubuntu: Fix Released Status in krb5 source package in Trusty: Fix Committed Status in krb5 source package in Xenial: Fix Committed Status in krb5 source package in Yakkety: Fix Committed Bug description: [Impact] MS-SPNG section 3.3.5.1 documents an odd behavior the SPNEGO layer needs to implement specifically for the NTLMSSP mechanism. This is required for compatibility with Windows services. Upstream commit: https://github.com/krb5/krb5/commit/cb96ca52a3354e5a0ea52e12495ff375de54f9b7 We've run into this issue with Linux to Windows negotiation with encrypted http using GSSAPI. [Test Case] create a file with some credentials: $ echo F23:guest:guest > ~/ntlmcreds.txt $ export NTLM_USER_FILE=~/ntlmcreds.txt $ python import gssapi spnego = gssapi.raw.oids.OID.from_int_seq('1.3.6.1.5.5.2') c = gssapi.creds.Credentials(mechs=[spnego], usage='initiate') tname = gssapi.raw.names.import_name("F23/server", name_type=gssapi.raw.types.NameType.hostbased_service) ac = gssapi.creds.Credentials(mechs=[spnego], usage='accept') seci = gssapi.SecurityContext(creds=c, name=tname, mech=spnego, usage='initiate') seca = gssapi.SecurityContext(creds=ac, usage='accept') it = seci.step(token=None) ot = seca.step(token=it) it = seci.step(token=ot) ot = seca.step(token=it) it = seci.step(token=ot) e = seci.wrap("Secrets", True) o = seca.unwrap(e.message) o.message 'Secrets' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1643708/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
