[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MIT client and Heimdal KDC not compatible with afs salted entries

I just reported a bug to the MIT Kerberos5 team:


A Kerberos4 database was converted with Heimdal tools to K5 and is running
with a Heimdal KDC. Authentication with Heimdal Clients is ok,
authentication with MIT clients does not work for the AFS salted entries.
New entries and entries that got new enctypes trough a password change
do work. Debugging showed that in the MIT string2key the salt->data string
had a '@' character appended. By removing the trailing character the MIT
client works as well.

A workaround for the client is included (see the URL)

As I do not know whether this is a bug in the Heimdal KDC or in the MIT
client libraries, I wanted to give the info to this list as well.