jhnbyrn
commented
5 years ago You are right. I had the same issue - I recompiled with the fix you described and it works now.
Closed hawicz closed 5 years ago
jhnbyrn
commented
5 years ago You are right. I had the same issue - I recompiled with the fix you described and it works now.
The calculation of the spnego token length at https://github.com/stnoonan/spnego-http-auth-nginx-module/blob/master/ngx_http_auth_spnego_module.c#L867 incorrectly uses one less byte than the output token returned from the earlier gss_accept_sec_context() call. This causes mutual authentication to fail because the client won't receive the full set of token bytes. It should drop the "- 1" and just do "spnego_token.len = output_token.length".