I don't see a upstream krb5 bug for this issue. I would recommend against applying this patch until someone familiar with the SPNEGO security model and the code has evaluated it.
Basically, certain versions of Windows produce bad SPNEGO tokens. It's appropriate to ignore these in some situations spelled out in the RFC, but creates a significant security issue in others. I suspect that this may be OK, but I don't have the spnego state machine in my head now, nor do I have the MIT SPNEGO code in my head now. The easiest way to get comfortable with this patch would be for upstream krb5 to evaluate it: they have been working on the SPNEGO code a lot lately so it would probably require less effort for them. -- likewise-open fails to join Windows 2000 SP4 domain https://bugs.launchpad.net/bugs/551901 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
