[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MIT client and Heimdal KDC not compatible with afs salted entries

To: <heimdal-discuss@sics.se>
Subject: MIT client and Heimdal KDC not compatible with afs salted entries
From: Wolfgang Friebel <friebel@ifh.de>
Date: Fri, 9 Aug 2002 17:41:12 +0200 (MEST)
Sender: owner-heimdal-discuss@sics.se

I just reported a bug to the MIT Kerberos5 team:

http://diswww.mit.edu:8008/menelaus.mit.edu/krb5-bugs/3377

Description:
A Kerberos4 database was converted with Heimdal tools to K5 and is running
with a Heimdal KDC. Authentication with Heimdal Clients is ok,
authentication with MIT clients does not work for the AFS salted entries.
New entries and entries that got new enctypes trough a password change
do work. Debugging showed that in the MIT string2key the salt->data string
had a '@' character appended. By removing the trailing character the MIT
client works as well.

A workaround for the client is included (see the URL)

As I do not know whether this is a bug in the Heimdal KDC or in the MIT
client libraries, I wanted to give the info to this list as well.

Follow-Ups:
- Re: MIT client and Heimdal KDC not compatible with afs salted entries
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: kdc_timesync = 1
Next by Date: Re: MIT client and Heimdal KDC not compatible with afs salted entries
Prev by thread: kdc_timesync = 1
Next by thread: Re: MIT client and Heimdal KDC not compatible with afs salted entries
Index(es):
- Date
- Thread