[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems running krb5 telnet

To: Jonas Oberg <jonas@coyote.org>
Subject: Re: Problems running krb5 telnet
From: Assar Westerlund <assar@sics.se>
Date: 24 Apr 1999 12:29:59 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: Jonas Oberg's message of "24 Apr 1999 12:21:09 +0200"
References: <871zhaib7j.fsf@poledra.coyote.org> <5l7lr2s4zw.fsf@assaris.sics.se> <87yajigvze.fsf@poledra.coyote.org>
Sender: owner-heimdal-discuss@sics.se

Jonas Oberg <jonas@coyote.org> writes:
> Program received signal SIGABRT, Aborted.
> 0x4009fa91 in kill ()
> (gdb) bt
> #0  0x4009fa91 in kill ()
> #1  0x4009f6ef in raise ()
> #2  0x400a0e17 in abort ()
> #3  0x80582c8 in krb5_auth_setcksumtype () at auth_context.c:283
> #4  0x8062575 in make_pa_tgs_req (context=0x80a3128, ac=0x80a3a70,
>     body=0xbffff85c, padata=0x80a3a60, creds=0xbffff90c) at get_cred.c:101
> 
> So, it thinks the ticket is DES-CBC-CRC and Heimdal doesn't support this,
> alas the abort()?  Thats interesting when you also consider the fact that
> remote host A runs MIT's krb5 and remote host B runs Heimdal though telnet
> abort()'s when trying to connect to both hosts.

It does support DES-CBC-CRC, it's just that there's an old kludge to
make it work with old DCE secd that you're running into for some
reason.  Heimdal tries to get the KDC to talk DES-CBC-MD5 which your
kdc doesn't do some for reason.  That code will be changed and fixed
in the next release.  If you're not running a really old version of
the MIT krb5 KDC you should be able to just rip out those lines, like
the appended patch.  If you get an error for an unsupported encryption
type or something like that you still need to kludge.  Tell us if that
happens and we will send you patches to get it to work.

/assar

Index: lib/krb5/get_cred.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/get_cred.c,v
retrieving revision 1.71
diff -u -w -u -w -r1.71 get_cred.c
--- get_cred.c	1999/04/11 23:13:39	1.71
+++ get_cred.c	1999/04/24 10:23:35
@@ -85,30 +85,9 @@
 
     in_data.length = len;
     in_data.data   = buf + buf_size - len;
-    {
-	Ticket ticket;
-	ret = decode_Ticket(creds->ticket.data, creds->ticket.length, 
-			    &ticket, &len);
-	if(ret)
-	    return ret;
-	/*
-	 * If we get a ticket encrypted with DES-CBC-CRC, it's
-	 * probably an old DCE secd and then the usual heuristics of
-	 * using the best algorithm (in this case RSA-MD5 and
-	 * DES-CBC-MD5) will not work.
-	 */
-	if(ticket.enc_part.etype == ETYPE_DES_CBC_CRC) {
-	    krb5_auth_setcksumtype(context, ac, CKSUMTYPE_RSA_MD4);
-	    krb5_auth_setenctype(context, ac, ETYPE_DES_CBC_CRC);
-	}
-	free_Ticket(&ticket);
-	    
-	
 	ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds, 
 				   &padata->padata_value,
 				   KRB5_KU_TGS_REQ_AUTH_CKSUM);
-
-    }
 out:
     free (buf);
     if(ret)

Follow-Ups:
- Re: Problems running krb5 telnet
  - From: Jonas Oberg <jonas@coyote.org>

References:
- Problems running krb5 telnet
  - From: Jonas Oberg <jonas@coyote.org>
- Re: Problems running krb5 telnet
  - From: Assar Westerlund <assar@sics.se>
- Re: Problems running krb5 telnet
  - From: Jonas Oberg <jonas@coyote.org>

Prev by Date: Re: Problems running krb5 telnet
Next by Date: Re: Problems running krb5 telnet
Prev by thread: Re: Problems running krb5 telnet
Next by thread: Re: Problems running krb5 telnet
Index(es):
- Date
- Thread