[CSHARP-836] GSSAPI Authentication doesn't respect the package's MaxTokenSize Created: 03/Oct/13 Updated: 02/Apr/15 Resolved: 30/Oct/13 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | None |
| Affects Version/s: | 1.8, 1.8.1, 1.8.2 |
| Fix Version/s: | 1.9 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Craig Wilson | Assignee: | Craig Wilson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Description |
|
Extraordinarily large users (members of a large number of AD groups) cannot authenticate via Kerberos because the buffers we allocate are too small. Security packages in Windows have a default max token size of 12k bytes which we have hardcoded. This has changed in Windows 2012 to 48k bytes. In addition, it is possible for users to change the MaxTokenSize in their registry. As such, we should be querying the kerberos package info for this value. |
| Comments |
| Comment by auto [ 22/Oct/13 ] |
|
Author: {u'username': u'craiggwilson', u'name': u'Craig Wilson', u'email': u'craiggwilson@gmail.com'}Message: |
| Comment by auto [ 21/Oct/13 ] |
|
Author: {u'username': u'craiggwilson', u'name': u'Craig Wilson', u'email': u'craiggwilson@gmail.com'}Message: |