jcmturner / gokrb5

Pure Go Kerberos library for clients and services
Apache License 2.0

SPNEGO OID of MechToken is not of type KRB5 #451

Open AndrewWPhillips opened 2 years ago

AndrewWPhillips commented 2 years ago

I am getting the above error when using Integrated Windows Authentication. I think this is a bug. The problem appears to be at spnego.go line 78.

        oid = t.NegTokenInit.MechTypes[0]
    ...
    if !(oid.Equal(gssapi.OIDKRB5.OID()) || oid.Equal(gssapi.OIDMSLegacyKRB5.OID())) {

The MechTypes slice has 4 entries, but entry 0 is of the wrong type. t.NegTokenInit.MechTypes[1] == OIDKRB5 and t.NegTokenInit.MechTypes[2] == OIDMSLegacyKRB5. I am not sure, but I think that all entries should be checked, not just the first.

tooptoop4 commented 1 year ago

Did you solve it?

thomasschlaeppi commented 1 year ago

I am experiencing the same issue, but only when connecting from localhost. The Go application is running on Windows and the client is of type PowerShell / C#. I already asked on Stack Overflow: https://stackoverflow.com/q/75409947/21186459.

I am not very familiar with the Kerberos RFCs. What is your opinion: is it a misbehavior of Windows / .NET (client side), or should this library be extended?

tomqwpl commented 6 months ago

Yes, same here. I think the list needs to be searched for the relevant OID.
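
The list search proposed in this thread, as an added example (not gokrb5's code, and not written by any commenter): it scans the whole MechTypes list for a Kerberos OID, and it also separates "Kerberos is first" from "Kerberos appears later", because under RFC 4178 the optimistic mechToken in a NegTokenInit belongs to the first listed mechanism only. The helper names, the result labels and the sample list (NEGOEX assumed at index 0) are assumptions made for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// Mechanism OIDs. The two Kerberos values are the ones the names
// gssapi.OIDKRB5 and gssapi.OIDMSLegacyKRB5 in the snippet above refer to.
var (
	oidKRB5         = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}
	oidMSLegacyKRB5 = asn1.ObjectIdentifier{1, 2, 840, 48018, 1, 2, 2}
	oidNEGOEX       = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 2, 30}
	oidNTLMSSP      = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 2, 10}
)

// findKRB5Mech (hypothetical helper) returns the index of the first Kerberos
// OID in the initiator's preference-ordered mechTypes list, or -1 if none.
func findKRB5Mech(mechTypes []asn1.ObjectIdentifier) int {
	for i, oid := range mechTypes {
		if oid.Equal(oidKRB5) || oid.Equal(oidMSLegacyKRB5) {
			return i
		}
	}
	return -1
}

// classify (hypothetical helper) decides what an acceptor can do with a
// NegTokenInit. A Kerberos OID at index > 0 means the attached mechToken is
// for another mechanism, so it must not be parsed as a Kerberos AP-REQ.
func classify(mechTypes []asn1.ObjectIdentifier) string {
	switch idx := findKRB5Mech(mechTypes); {
	case idx == 0:
		return "use-mechtoken" // optimistic token is Kerberos
	case idx > 0:
		return "renegotiate" // reply with supportedMech, wait for a new token
	default:
		return "reject" // no Kerberos mechanism offered
	}
}

func main() {
	// Constructed list shaped like the report: Kerberos at [1] and [2], not [0].
	reported := []asn1.ObjectIdentifier{oidNEGOEX, oidKRB5, oidMSLegacyKRB5, oidNTLMSSP}
	fmt.Println(findKRB5Mech(reported), classify(reported))
}
```

When the acceptor selects a mechanism other than the initiator's first choice, RFC 4178 also requires the mechListMIC exchange, which is what prevents an on-path attacker from reordering the list to force a weaker mechanism.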