From a80d26914afece7324158918e8d74c7c8384a0df Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 12 Mar 2010 03:47:08 +0000
Subject: [PATCH] 2867.   [bug]           Don't set GSS_C_SEQUENCE_FLAG as
 Windows DNS servers                         don't like it.  [RT #20986]

---
 CHANGES             | 3 +++
 lib/dns/gssapictx.c | 8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index a8aa9861c4..2dc02008e9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2867.	[bug]		Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
+			don't like it.  [RT #20986]
+
 2866.	[bug]		Windows does not like the TSIG name being compressed.
 			[RT #20986]
 
diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
index 6724590b4f..5f1cd855c1 100644
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: gssapictx.c,v 1.14 2009/09/02 23:48:02 tbox Exp $ */
+/* $Id: gssapictx.c,v 1.15 2010/03/12 03:47:08 marka Exp $ */
 
 #include <config.h>
 
@@ -488,8 +488,12 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
 		gintokenp = NULL;
 	}
 
+	/*
+	 * Note that we don't set GSS_C_SEQUENCE_FLAG as Windows DNS
+	 * servers don't like it.
+	 */
 	flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG |
-		GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG;
+		GSS_C_INTEG_FLAG;
 
 	gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx,
 				    gname, GSS_SPNEGO_MECHANISM, flags,