Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Bug in CFNetwork SPNEGO service principal names

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug in CFNetwork SPNEGO service principal names

Subject: Bug in CFNetwork SPNEGO service principal names
From: Simon Spero <email@hidden>
Date: Sun, 5 Feb 2006 20:33:56 -0500

I'm hitting another bug in CFNetwork SPNEGO auth. CFNetwork is not using the KRB5_NT_SRV_HST to generate the service principal. As a result, URLs that don't use the canonical host name can't be used.

The problem code is in GetSvcTicketForHost - CFNetwork/HTTP/SPNEGO/ spnegoKrb.c at line 191

There is a comment immediately preceding the call to krb_sname_to_principal that seems to indicate that the code was changed to work around broken reverse DNS lookup issues.

Reverse DNS lookup can be disabled for broken environments through / Library/Preferences/edu.mit.Kerberos :

[libdefaults]
rdns = 0

Thanks

Simon

Attachment: spnego.patch
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Prev by Date: Re: CFNetwork, Run Loops, and Tools
Next by Date: Need information on connecting Windows computers
Previous by thread: Re: CFNetwork, Run Loops, and Tools
Next by thread: Need information on connecting Windows computers
Index(es):
- Date
- Thread