[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MIT client and Heimdal KDC not compatible with afs salted entries
I just reported a bug to the MIT Kerberos5 team:
A Kerberos4 database was converted with Heimdal tools to K5 and is running
with a Heimdal KDC. Authentication with Heimdal Clients is ok,
authentication with MIT clients does not work for the AFS salted entries.
New entries and entries that got new enctypes trough a password change
do work. Debugging showed that in the MIT string2key the salt->data string
had a '@' character appended. By removing the trailing character the MIT
client works as well.
A workaround for the client is included (see the URL)
As I do not know whether this is a bug in the Heimdal KDC or in the MIT
client libraries, I wanted to give the info to this list as well.