• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Bug in CFNetwork SPNEGO service principal names
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug in CFNetwork SPNEGO service principal names


  • Subject: Bug in CFNetwork SPNEGO service principal names
  • From: Simon Spero <email@hidden>
  • Date: Sun, 5 Feb 2006 20:33:56 -0500

I'm hitting another bug in CFNetwork SPNEGO auth. CFNetwork is not using the KRB5_NT_SRV_HST to generate the service principal. As a result, URLs that don't use the canonical host name can't be used.

The problem code is in GetSvcTicketForHost - CFNetwork/HTTP/SPNEGO/ spnegoKrb.c at line 191

There is a comment immediately preceding the call to krb_sname_to_principal that seems to indicate that the code was changed to work around broken reverse DNS lookup issues.

Reverse DNS lookup can be disabled for broken environments through / Library/Preferences/edu.mit.Kerberos :

[libdefaults]
rdns = 0

Thanks

Simon



Attachment: spnego.patch
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

  • Prev by Date: Re: CFNetwork, Run Loops, and Tools
  • Next by Date: Need information on connecting Windows computers
  • Previous by thread: Re: CFNetwork, Run Loops, and Tools
  • Next by thread: Need information on connecting Windows computers
  • Index(es):
    • Date
    • Thread