Bug in CFNetwork SPNEGO service principal names
- Subject: Bug in CFNetwork SPNEGO service principal names
- From: Simon Spero <email@hidden>
- Date: Sun, 5 Feb 2006 20:33:56 -0500
I'm hitting another bug in CFNetwork SPNEGO auth. CFNetwork is not
using the KRB5_NT_SRV_HST to generate the service principal. As a
result, URLs that don't use the canonical host name can't be used.
The problem code is in GetSvcTicketForHost -
CFNetwork/HTTP/SPNEGO/spnegoKrb.c at line 191.
There is a comment immediately preceding the call to
krb_sname_to_principal that seems to indicate that the code was
changed to work around broken reverse DNS lookup issues.
Reverse DNS lookup can be disabled for broken environments through
/Library/Preferences/edu.mit.Kerberos:
    [libdefaults]
    rdns = 0
Thanks
Simon
Attachment:
spnego.patch
Description: Binary data
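The following is an added example, not part of the original post and not CFNetwork or MIT Kerberos code: a simplified model of how a host-based service principal is built with and without KRB5_NT_SRV_HST-style canonicalization, and how the rdns setting changes the result. The host names, addresses, realm, lookup tables and function names are constructed for illustration, and the fixed realm is an assumption.

```python
# Simplified model of host-based service principal construction.
# All hosts, addresses, the realm and the KDC entries are constructed sample data.

REALM = "EXAMPLE.COM"  # assumption: one fixed realm instead of a domain_realm lookup

# Forward lookups: name typed in the URL -> (canonical name, address)
FORWARD = {
    "www.example.com": ("web01.example.com", "192.0.2.10"),
    "web01.example.com": ("web01.example.com", "192.0.2.10"),
    "wiki.example.com": ("web02.example.com", "192.0.2.20"),
    "web02.example.com": ("web02.example.com", "192.0.2.20"),
}
# Reverse zones: a healthy one, and one where a PTR record points elsewhere
REVERSE_GOOD = {"192.0.2.10": "web01.example.com", "192.0.2.20": "web02.example.com"}
REVERSE_BROKEN = {"192.0.2.10": "web01.example.com", "192.0.2.20": "dhcp-20.pool.example.net"}
# Principals registered in the KDC: canonical host names only
KDC_PRINCIPALS = {"HTTP/web01.example.com@EXAMPLE.COM", "HTTP/web02.example.com@EXAMPLE.COM"}

def parse_rdns(conf_text, default=True):
    """Return the rdns boolean from [libdefaults] in profile-style text."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "rdns":
                return value.lower() in ("1", "true", "t", "yes", "y", "on")
    return default

def service_principal(service, host, canonicalize, rdns, reverse_zone):
    """canonicalize=True models KRB5_NT_SRV_HST; False uses the host as typed."""
    name = host.rstrip(".")
    if canonicalize:
        canon, addr = FORWARD.get(name.lower(), (name, None))
        name = canon
        if rdns and addr is not None:
            # With rdns on, the PTR name wins; keep the forward name if no PTR exists
            name = reverse_zone.get(addr, name)
        name = name.lower()
    return f"{service}/{name}@{REALM}"

def kdc_knows(principal):
    """True when the modelled KDC could issue a ticket for this principal."""
    return principal in KDC_PRINCIPALS
```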