Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-836

GSSAPI Authentication doesn't respect the package's MaxTokenSize

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 1.9
    • 1.8, 1.8.1, 1.8.2
    • None
    • None

    Description

      Extraordinarily large users (members of a large number of AD groups) cannot authenticate via Kerberos because the buffers we allocate are too small. Security packages in Windows have a default max token size of 12k bytes which we have hardcoded. This has changed in Windows 2012 to 48k bytes. In addition, it is possible for users to change the MaxTokenSize in their registry. As such, we should be querying the kerberos package info for this value.

      Attachments

        Activity

          People

            craig.wilson@mongodb.com Craig Wilson
            craig.wilson@mongodb.com Craig Wilson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: