Re: more problems



Arkadiusz Miśkiewicz <misiek@misiek.eu.org> writes:
> yesterday I tested heimdal-0.1k and:
> 1) --enable-new-des3-code still doesn't work for me (that same result as previous)

I'm sorry if I'm dense, but what's the same result as previous?

I don't think you should use that option.  Once the assignment of
enctypes for the derived key version of 3DES is finished, we will move
to that and then there won't be any need for the option and it'll go away.

> 2) without --enable-new-des3-code kinit works (I get ticket) :-)

Great.

> 3) telnetd doesn't work properly:
>
> Connected to linstar4.zsz2.starachowice.pl.
> Escape character is '^]'.
> [ Trying mutual KERBEROS5 ... ]
> [ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ]
> [ Trying KERBEROS5 ... ]
> [ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ]
>
> *** Connection not encrypted! Communication may be eavesdropped. ***
> User not authenticated. Using plaintext username and password
> Password:
>
> :-(

Is that an IPv4 or IPv6 address?

If you start your telnetd with `telnetd -a debug' you should be able
to get a better error message from krb5_sock_to_principal.  But I
would guess that it might be that the reverse or forward mapping is not
correct.

> 4) if I try telnet -l misiek 195.164.211.2 (IP, not hostname) then
> 28-Jul-1999 23:15:44 TGS-REQ misiek@ZSZ2.STARACHOWICE.PL from
> IPv4:195.164.211.2 for krbtgt/164.211.2@ZSZ2.STARACHOWICE.PL
>                               ^^^^^^^^^
> 28-Jul-1999 23:15:44 Server not found in database: krbtgt/164.211.2@ZSZ2.STARACHOWICE.PL
>                                                           ^^^^^^^^^
> 28-Jul-1999 23:15:44 sending 148 bytes to IPv4:195.164.211.2
>
> and we have part of my IP address in TGS-REQ ;(

Try the appended patch.

> 5) please don't use gethostbyname2. Use getnameinfo() instead
> (and use getaddrinfo(), too).

Why do you dislike gethostbyname2 (apart from get{name,addr}info()
being `better')?  On most of the systems that we're using there is no
implementation of get{name,addr}info and then we're forced to use
gethostbyname2 (or actually getipnodeby{name,addr}).  A
roken-implementation of get{addr,name}info is on its way but not
finished yet.

> btw. what is CVSROOT and password for ro only access to heimdal CVS ?

We haven't set up read-only access to the CVS tree yet, sorry.

/assar
Index: lib/krb5/get_host_realm.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/get_host_realm.c,v
retrieving revision 1.22
diff -u -w -r1.22 get_host_realm.c
--- get_host_realm.c	1999/05/21 13:18:55	1.22
+++ get_host_realm.c	1999/07/29 13:45:07
@@ -142,8 +142,6 @@
 {
     char hostname[MAXHOSTNAMELEN];
     const char *p;
-    struct in_addr addr;
-    struct hostent *hostent;
     const char *orig_host;
 
     if (host == NULL) {
@@ -153,15 +151,6 @@
     }
 
     orig_host = host;
-
-    addr.s_addr = inet_addr(host);
-    hostent = roken_gethostbyname (host);
-    if (hostent == NULL && addr.s_addr != INADDR_NONE)
-	hostent = roken_gethostbyaddr ((const char *)&addr,
-				       sizeof(addr),
-				       AF_INET);
-    if (hostent != NULL)
-	host = hostent->h_name;
 
     p = host;
     while(p) {
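Review bot: with the lookup block removed ahead of `p = host;`, krb5_get_host_realm now walks whatever string the caller hands it, so any caller other than krb5_mk_req that passes a dotted-quad will still have components of the address treated as domain labels, which is the krbtgt/164.211.2 symptom reported above. Either state in the function's comment that callers must pass an already canonicalized host name, or detect a numeric address here and return an error instead of entering the loop.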
Index: lib/krb5/mk_req.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/mk_req.c,v
retrieving revision 1.14
diff -u -w -r1.14 mk_req.c
--- mk_req.c	1999/04/25 17:43:07	1.14
+++ mk_req.c	1999/07/29 13:44:18
@@ -40,6 +40,24 @@
 
 RCSID("$Id: mk_req.c,v 1.14 1999/04/25 17:43:07 assar Exp $");
 
+static char *
+sanitize_hostname (char *hostname)
+{
+    struct in_addr addr;
+    struct hostent *hostent;
+
+    addr.s_addr = inet_addr(hostname);
+    if (addr.s_addr != INADDR_NONE)
+	hostent = roken_gethostbyaddr ((const char *)&addr,
+				       sizeof(addr),
+				       AF_INET);
+    else
+	hostent = roken_gethostbyname (hostname);
+    if (hostent != NULL)
+	hostname = hostent->h_name;
+    return hostname;
+}
+
 krb5_error_code
 krb5_mk_req(krb5_context context,
 	    krb5_auth_context *auth_context,
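Review bot: in sanitize_hostname, `hostname = hostent->h_name;` returns a pointer into the hostent, which for the libc gethostbyname/gethostbyaddr family is static resolver storage (assuming the roken_ wrappers pass it through), so the string can be overwritten by the next lookup made anywhere in the process. Copy the name into a caller-supplied buffer before returning it. When an address is given, the name also comes from an unverified reverse lookup and then goes on to select the realm, so a forward lookup confirming that the name maps back to the same address would be worth adding. The AF_INET-only branch also means an IPv6 literal makes inet_addr return INADDR_NONE and falls through to roken_gethostbyname.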
@@ -62,6 +80,8 @@
   
   if(r)
       return r;
+
+  hostname = sanitize_hostname (hostname);
 
   r = krb5_get_host_realm(context, hostname, &realms);
   if (r)
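Review bot: at `hostname = sanitize_hostname (hostname);` the result is used unconditionally, but the helper returns its input unchanged when the lookup fails, so an address with no reverse mapping still reaches krb5_get_host_realm as a dotted-quad. Check for that case here and return an error rather than continuing. The name sanitize_hostname also suggests validation while the function performs DNS canonicalization; something like canonicalize_hostname would describe it better, and a short comment on why the lookup moved from get_host_realm.c to this call site would help the next reader.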