2016-11-21 21:57:42 |
Joshua R. Poulson |
bug |
|
|
added bug |
2016-11-21 21:57:59 |
Joshua R. Poulson |
bug |
|
|
added subscriber Bruce Campbell |
2016-11-22 01:03:38 |
Steve Langasek |
krb5 (Ubuntu): status |
New |
Fix Released |
|
2016-11-22 01:03:58 |
Steve Langasek |
nominated for series |
|
Ubuntu Yakkety |
|
2016-11-22 01:03:58 |
Steve Langasek |
bug task added |
|
krb5 (Ubuntu Yakkety) |
|
2016-11-22 01:03:58 |
Steve Langasek |
nominated for series |
|
Ubuntu Trusty |
|
2016-11-22 01:03:58 |
Steve Langasek |
bug task added |
|
krb5 (Ubuntu Trusty) |
|
2016-11-22 01:03:58 |
Steve Langasek |
nominated for series |
|
Ubuntu Xenial |
|
2016-11-22 01:03:58 |
Steve Langasek |
bug task added |
|
krb5 (Ubuntu Xenial) |
|
2016-11-22 01:04:45 |
Steve Langasek |
krb5 (Ubuntu Trusty): status |
New |
Incomplete |
|
2016-11-22 01:04:46 |
Steve Langasek |
krb5 (Ubuntu Xenial): status |
New |
Incomplete |
|
2016-11-22 01:04:48 |
Steve Langasek |
krb5 (Ubuntu Yakkety): status |
New |
Incomplete |
|
2016-12-16 10:20:04 |
Timo Aaltonen |
description |
MS-SPNG section 3.3.5.1 documents an odd behavior the SPNEGO layer
needs to implement specifically for the NTLMSSP mechanism. This is
required for compatibility with Windows services.
Upstream commit: https://github.com/krb5/krb5/commit/cb96ca52a3354e5a0ea52e12495ff375de54f9b7
We've run into this issue with Linux to Windows negotiation with encrypted http using GSSAPI. |
[Impact]
MS-SPNG section 3.3.5.1 documents an odd behavior the SPNEGO layer
needs to implement specifically for the NTLMSSP mechanism. This is
required for compatibility with Windows services.
Upstream commit: https://github.com/krb5/krb5/commit/cb96ca52a3354e5a0ea52e12495ff375de54f9b7
We've run into this issue with Linux to Windows negotiation with encrypted http using GSSAPI.
[Test Case]
create a file with some credentials:
$ echo F23:guest:guest > ~/ntlmcreds.txt
$ export NTLM_USER_FILE=~/ntlmcreds.txt
$ python
import gssapi
spnego = gssapi.raw.oids.OID.from_int_seq('1.3.6.1.5.5.2')
c = gssapi.creds.Credentials(mechs=[spnego], usage='initiate')
tname = gssapi.raw.names.import_name("F23/server", name_type=gssapi.raw.types.NameType.hostbased_service)
ac = gssapi.creds.Credentials(mechs=[spnego], usage='accept')
seci = gssapi.SecurityContext(creds=c, name=tname, mech=spnego, usage='initiate')
seca = gssapi.SecurityContext(creds=ac, usage='accept')
it = seci.step(token=None)
ot = seca.step(token=it)
it = seci.step(token=ot)
ot = seca.step(token=it)
it = seci.step(token=ot)
e = seci.wrap("Secrets", True)
o = seca.unwrap(e.message)
o.message
'Secrets' |
|
2016-12-16 10:20:26 |
Timo Aaltonen |
krb5 (Ubuntu Xenial): status |
Incomplete |
Fix Committed |
|
2016-12-16 10:20:28 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2016-12-16 10:20:30 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2016-12-16 10:20:33 |
Timo Aaltonen |
tags |
|
verification-needed |
|
2016-12-16 10:21:18 |
Timo Aaltonen |
krb5 (Ubuntu Trusty): status |
Incomplete |
Fix Committed |
|
2016-12-16 10:22:16 |
Timo Aaltonen |
krb5 (Ubuntu Yakkety): status |
Incomplete |
Fix Committed |
|
2016-12-30 19:44:59 |
Joshua R. Poulson |
tags |
verification-needed |
verification-done |
|
2017-01-20 10:51:14 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
2017-01-23 16:03:09 |
Andy Whitcroft |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2017-01-23 16:03:07 |
Launchpad Janitor |
krb5 (Ubuntu Yakkety): status |
Fix Committed |
Fix Released |
|
2017-01-23 16:03:32 |
Launchpad Janitor |
krb5 (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2017-01-23 16:06:33 |
Launchpad Janitor |
krb5 (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|