search

metaphox / cntlm-gss

Cntlm-0.92.3 with kerberos authentication patch applied
GNU General Public License v2.0
29 stars 21 forks source link

Issue with kerberos token size #2

Open Robo8920 opened 5 years ago

Robo8920 commented 5 years ago

As long as I use a test user with a low count of group memberships in AD, which leads to a rather small kerberos token size of about 2300, it works for me. But for my own user with many AD groups and with a token size of 11000 it does not.

... cntlm[5481]: context flag: GSS_C_CONF_FLAG cntlm[5481]: context flag: GSS_C_INTEG_FLAG Using Negotiation ... malloc(): smallbin double linked list corrupted Aborted (core dumped) ...

Verified that also by adding some dummy groups to my test user - then it did also not work for my test user.

System: Ubuntu 18.04 and PBis for AD integration

andrico21 commented 2 years ago

@Robo8920 check this fork, seems to be fixed

Robo8920 commented 2 years ago

@andrico21 it does look promissing and works now also for bigger kerberos token sizes. Well done by @biserov. Have also a look at https://github.com/kiron1/proxydetox

biserov commented 1 year ago

Well done by @biserov. Agree. Tested long time in many OS and seems to be stable. Merged to master in my fork as v0.93.0gss