2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers

                        don't like it.  [RT #20986]

diff --git a/CHANGES b/CHANGES
index a8aa9861c42be1309646d0863a63c9d34272567f..2dc02008e9627d9951269e491e8e77315f7bc9d4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2867.  [bug]           Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
+                       don't like it.  [RT #20986]
+
 2866.  [bug]           Windows does not like the TSIG name being compressed.
                        [RT #20986]
 

diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
index 6724590b4f3d8f97062c29d7e57076e75d453a84..5f1cd855c1e91c7c6c789a14a4830f78f7b539c1 100644 (file)
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: gssapictx.c,v 1.14 2009/09/02 23:48:02 tbox Exp $ */
+/* $Id: gssapictx.c,v 1.15 2010/03/12 03:47:08 marka Exp $ */
 
 #include <config.h>
 
@@ -488,8 +488,12 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
                gintokenp = NULL;
        }
 
+       /*
+        * Note that we don't set GSS_C_SEQUENCE_FLAG as Windows DNS
+        * servers don't like it.
+        */
        flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG |
-               GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG;
+               GSS_C_INTEG_FLAG;
 
        gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx,
                                    gname, GSS_SPNEGO_MECHANISM, flags,