From owner-freebsd-security@FreeBSD.ORG Fri Mar 6 01:23:35 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A988C124 for ; Fri, 6 Mar 2015 01:23:35 +0000 (UTC) Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4C7FB6DB for ; Fri, 6 Mar 2015 01:23:35 +0000 (UTC) X-AuditID: 12074424-f79356d000004839-c4-54f90061274d Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 00.61.18489.16009F45; Thu, 5 Mar 2015 20:18:25 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id t261IP29018733; Thu, 5 Mar 2015 20:18:25 -0500 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t261INNr028391 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 5 Mar 2015 20:18:24 -0500 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id t261INfQ017057; Thu, 5 Mar 2015 20:18:23 -0500 (EST) Date: Thu, 5 Mar 2015 20:18:22 -0500 (EST) From: Benjamin Kaduk To: Erik Cederstrand Subject: Re: Missind #defines in /usr/include/gssapi/gssapi.h? In-Reply-To: Message-ID: References: <30A05DC2-951F-46E6-924B-207E5F32A949@cederstrand.dk> User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrLIsWRmVeSWpSXmKPExsUixCmqrZvI8DPE4NERM4unb+0tejY9YXNg 8mhevpjdY8an+SwBTFFcNimpOZllqUX6dglcGe/e/mUvmM9SsWurcgPjDuYuRk4OCQETiSVv 5rBB2GISF+6tB7K5OIQEFjNJzN+3ghnC2cAoceX6dyYI5yCTxOKHj1hBWoQE6iUerF/BBGKz CGhJTHnaATaKTUBFYuabjWC2iICBxImP78HWMQs4Sty58JoRxBYWsJNY0v6IHcTmBIpvmLIR zOYVcJCY+uktC8T8MolPa9aA2aICOhKr909hgagRlDg58wkLxEwtieXTt7FMYBSchSQ1C0lq ASPTKkbZlNwq3dzEzJzi1GTd4uTEvLzUIl1zvdzMEr3UlNJNjKAwZXdR2cHYfEjpEKMAB6MS D++Mjd9DhFgTy4orcw8xSnIwKYnyyv76ESLEl5SfUpmRWJwRX1Sak1p8iFGCg1lJhDftC1CO NyWxsiq1KB8mJc3BoiTOu+kHX4iQQHpiSWp2ampBahFMVoaDQ0mCt+k/UKNgUWp6akVaZk4J QpqJgxNkOA/QcC2QGt7igsTc4sx0iPwpRmOON6d3z2TiWNC+fyaTEEtefl6qlDivNUipAEhp Rmke3DRYqnnFKA70nDDvh39AVTzANAU37xXQKiaQVWJgq0oSEVJSDYyh/DVxJ/mCP9QoV98v LJRqm/HItPHzb6XjRxnzPp9e3MDzRum0rHiC6Uz1BWf+PDLp2Br1nKHuQLZ/TGLEgzdFPZ8C 8oJkImVfWGbYO9attjMra1zxqyG3Lub0tLuVr18c6uw5le7D5OsocstfWLW1Vzf5vXz5Zvm/ 3y+sPDavmqu+771NlxJLcUaioRZzUXEiAAosEqQQAwAA Cc: "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2015 01:23:35 -0000 On Thu, 5 Mar 2015, Benjamin Kaduk wrote: > My understanding was that python-gssapi was intended to support both > Heimdal and MIT implementations, so given that MIT (correctly) does not > provide a GSS_C_AF_INET6 symbol, I am somewhat surprised that > python-gssapi cannot cope with its absence. Furthermore, the best current practice is to not pass addresses in the supplied channel bindings, since that breaks traffic through NATs, etc.. So there does not seem to be a good reason to want to use GSS_C_AF_INET6 anyway. -Ben