[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal 0.2g issues (might these be fixed in later releases?)

One addendum/erratum:  I misremembered; it's 0.2f, not 0.2g.

In message <5lpuugz9b2.fsf@assaris.sics.se>, Assar Westerlund writes:
| > 1. The heimdal KDC doesn't react to expired tickets via krb4.  That is, it 
| When I read the code and try it, it works, and that code hasn't
| changed in some time so it should work in 02.g too.  I assume you mean
| an APPL_REQUEST?  Here is what I see:
| 02:08:57.644019 datan.1345 > kdc.kerberos-iv: v4 be APPL_REQUEST: v4 NADA.KTH
| .SE (56) (32)
| 02:08:57.655774 kdc.kerberos-iv > datan.1345: v4 be ERR_REPLY: .@ OK Ticket e
| xpire [|kerberos]

Waiting for test tickets to expire...

Weird.  Those tickets do elicit the error code.  Expired tickets from last 
night don't.  I wonder if those tickets came from the kaserver and confused 
it somehow?  (Some kaserver-generated tickets have caused odd kdc behavior 
while we were running a mixed kaserver/kdc setup for testing, notably 
reporting principals with binary names....)  Suppose I'll find out if/when 
the screaming commences tomorrow morning.

| Ah, check-ticket-addresses is only used in the v5 part of the KDC.
| Can you try the appended patch?

I thought I'd seen that when looking through the code, but I wasn't familiar 
enough with it to trust my impression.

Will try the patch tomorrow, after rebuilding tonight.  Thanks.

brandon s. allbery	   os/2,linux,solaris,perl	allbery@kf8nh.apk.net
system administrator	   kthkrb,heimdal,gnome,rt	  allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering			kf8nh
    We are Linux. Resistance is an indication that you missed the point.