Re: ETYPE-INFO & AS-REP questions

Tom Maher <tmaher@watson.org> writes:

> In recent heimdal snapshots, in kdc/kerberos5.c, towards the end of
> as_rep(), the KDC does just that.  If the client's AS-REQ contains a newer
> enctype (e.g., aes256), ETYPE-INFO2 is sent.  If AS-REQ has an older enctype
> (e.g., des-* or des3), KDC sends both ETYPE-INFO and ETYPE-INFO2.
> My problem is that when the Solaris 10 kinit receives an AS-REP that
> contains ETYPE-INFO2, it dumps core.  I've already filed a ticket with Sun
> about this (kinit shouldn't core dump, ever).  But oddly enough, the MIT
> krb5 1.4.1 KDC seems to obey the draft as well (relevant code is
> src/kdc/kdc_preauth.c), but doesn't cause a core dump in Solaris 10 kinit.
> Is this a heimdal bug, or am I misreading the MIT code?  Also, is there a
> more recent version of the draft that I just haven't read?

I've not tested Solaris 10, so I've not seen this problem. Heimdal uses a
non-standard etype-info (since 0.1e, or something like that), that could
cause problems, but MIT worked around the problem so I guess Sun would pick
that up too.


