This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4.9k
[release/2.1] Port Kerberos auth fixes to 2.1 branch #40109
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR ports some important Kerberos auth fixes from the 3.0 to 2.1 LTS branch. These fixes help enterprise customers that have complex Kerberos authentication scenarios that involve cross Windows (Active Directory) and Linux (Kerberos) domains/realms. These fixes are from PRs: * dotnet#38465 - Use 'Host' header when calculating SPN for Kerberos auth * dotnet#38377 - Use GSS_C_NT_HOSTBASED_SERVICE format for Linux Kerberos SPN and are related to issue dotnet#36329.
davidsh
added
tenet-compatibility
Incompatibility with previous versions or .NET Framework
os-linux
Linux OS (any supported distro)
area-System.Net.Http
labels
Aug 7, 2019
DescriptionCustomers that use Kerberos authentication with mixed Windows and Linux domains/realms are unable to use HttpClient or SqlClient. The requests are currently failing due to incorrect SPNs (Service Principal Name) being used during Negotiate/SPNEGO protocol. Customer ImpactWithout these fixes, important enterprise customers are unable to use HttpClient or SqlClient in these environments. Regression?Yes from .NET Core 2.0 (i.e. before SocketsHttpHandler was used). RiskLow. Fixes were manually tested in separate enterprise testing environment. A private build of these fixes was also tested in the customer's environment. |
davidsh
changed the title
Port Kerberos auth fixes to 2.1 branch
[release/2.1] Port Kerberos auth fixes to 2.1 branch
Aug 7, 2019
stephentoub
reviewed
Aug 7, 2019
src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
Show resolved
Hide resolved
stephentoub
reviewed
Aug 7, 2019
src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
Show resolved
Hide resolved
stephentoub
approved these changes
Aug 7, 2019
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
approved offline |
Need mirroring into 2.2 before starting 2.2. build |
davidsh
added
Servicing-approved
Approved for servicing release
and removed
Servicing-consider
Issue for next servicing release review
labels
Aug 8, 2019
wtgodbe
pushed a commit
that referenced
this pull request
Aug 8, 2019
* Update BuildTools to rc1-04230-01 * Port Kerberos auth fixes to 2.1 branch (#40109) This PR ports some important Kerberos auth fixes from the 3.0 to 2.1 LTS branch. These fixes help enterprise customers that have complex Kerberos authentication scenarios that involve cross Windows (Active Directory) and Linux (Kerberos) domains/realms. These fixes are from PRs: * #38465 - Use 'Host' header when calculating SPN for Kerberos auth * #38377 - Use GSS_C_NT_HOSTBASED_SERVICE format for Linux Kerberos SPN and are related to issue #36329.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
area-System.Net.Http
os-linux
Linux OS (any supported distro)
Servicing-approved
Approved for servicing release
tenet-compatibility
Incompatibility with previous versions or .NET Framework
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR ports some important Kerberos auth fixes from the 3.0 to 2.1 LTS
branch. These fixes help enterprise customers that have complex Kerberos
authentication scenarios that involve cross Windows (Active Directory)
and Linux (Kerberos) domains/realms.
These fixes are from PRs:
and are related to issue #36329.