-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NegotiateStream.Write interop issues on Linux/OSX #16648
Comments
For Linux, we are working with RedHat engineers: https://fedorahosted.org/gss-ntlmssp/ticket/8
For OSX, trying to find a solution by posting at https://discussions.apple.com/message/29893662#29893662 |
Update for Kerberos case: |
For OSX issues, also posted in heimdal mailing list: |
"Kerberos creds with sign" part of the issue has been fixed for both Linux and OSX and is part of PR dotnet/corefx#6989 |
@joshfree, @rahulkotecha, should this be brought back to 1.0.0-rtm rather than 1.1.0? |
@terlochan any update since March? |
@joshfree, The fix for this is in third party linux packages (kerb5-libs and gssntlmssp). We've been working with RedHat engineer for this and expected to get the details of the fix this week. |
@rahulkotecha @terlochan what about for non-RHEL distros? What about OS X? |
The fix has been pushed upstream in MIT Kerberos source (krb5/krb5#436). Hence we can expect the fix to be available on all *nix platforms, starting krb5-1.15. As per RedHat engineer, the fix will be backported to RHEL 7 which will have 1.14+ patches. |
Thanks @rahulkotecha. I'll switch this to a release notes bug. Please work with @leecow to get this extra information tracked in the release notes and known issues |
Captured in release note working doc |
There are some combinations of Kerberos/NTLM, SignOnly/EncryptAndSign etc. that cause the
gss_wrap
call on Unix client to fail against a Windows server usingNegotiateStream
. This issue is for tracking the foll. failing combinations of credentials and protection level passed inAuthenticateAsClientAsync
On Linux:
On OSX:
The text was updated successfully, but these errors were encountered: