[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal 0.2g issues (might these be fixed in later releases?)
One addendum/erratum: I misremembered; it's 0.2f, not 0.2g.
In message <firstname.lastname@example.org>, Assar Westerlund writes:
| > 1. The heimdal KDC doesn't react to expired tickets via krb4. That is, it
| When I read the code and try it, it works, and that code hasn't
| changed in some time so it should work in 02.g too. I assume you mean
| an APPL_REQUEST? Here is what I see:
| 02:08:57.644019 datan.1345 > kdc.kerberos-iv: v4 be APPL_REQUEST: v4 NADA.KTH
| .SE (56) (32)
| 02:08:57.655774 kdc.kerberos-iv > datan.1345: v4 be ERR_REPLY: .@ OK Ticket e
| xpire [|kerberos]
Waiting for test tickets to expire...
Weird. Those tickets do elicit the error code. Expired tickets from last
night don't. I wonder if those tickets came from the kaserver and confused
it somehow? (Some kaserver-generated tickets have caused odd kdc behavior
while we were running a mixed kaserver/kdc setup for testing, notably
reporting principals with binary names....) Suppose I'll find out if/when
the screaming commences tomorrow morning.
| Ah, check-ticket-addresses is only used in the v5 part of the KDC.
| Can you try the appended patch?
I thought I'd seen that when looking through the code, but I wasn't familiar
enough with it to trust my impression.
Will try the patch tomorrow, after rebuilding tonight. Thanks.
brandon s. allbery os/2,linux,solaris,perl email@example.com
system administrator kthkrb,heimdal,gnome,rt firstname.lastname@example.org
carnegie mellon / electrical and computer engineering kf8nh
We are Linux. Resistance is an indication that you missed the point.