[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ETYPE-INFO & AS-REP questions

To: Tom Maher <tmaher@watson.org>
Subject: Re: ETYPE-INFO & AS-REP questions
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Tue, 17 May 2005 12:15:59 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <Pine.LNX.4.53L-ECE.CMU.EDU.0505121632420.30857@snuffy.ece.cmu.edu> (TomMaher's message of "Thu, 12 May 2005 16:51:55 -0400 (EDT)")
References: <Pine.LNX.4.53L-ECE.CMU.EDU.0505121632420.30857@snuffy.ece.cmu.edu>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)


Tom Maher <tmaher@watson.org> writes:

> In recent heimdal snapshots, in kdc/kerberos5.c, towards the end of
> as_rep(), the KDC does just that.  If the client's AS-REQ contains a newer
> enctype (e.g., aes256), ETYPE-INFO2 is sent.  If AS-REQ has an older enctype
> (e.g., des-* or des3), KDC sends both ETYPE-INFO and ETYPE-INFO2.
>
> My problem is that when the Solaris 10 kinit receives an AS-REP that
> containts ETYPE-INFO2, it dumps core.  I've already filed a ticket with Sun
> about this (kinit shouldn't core dump, ever).  But oddly enough, the MIT
> krb5 1.4.1 KDC seems to obey the draft as well (relevent code is
> src/kdc/kdc_preauth.c), but doesn't cause a core dump in Solaris 10 kinit.
>
> Is this a heimdal bug, or am I misreading the MIT code?  Also, is there a
> more recent version of the draft that I just haven't read?

I've not tested solaris 10, så I've not seen this problem. Heimdal uses a
non standard etype-info (since 0.1e, or something like that), that could
cause problems, but MIT worked around the problem so I guess SUN would pick
that up too.

Love

PGP signature

References:
- ETYPE-INFO & AS-REP questions
  - From: Tom Maher <tmaher@watson.org>

Prev by Date: Re: LVS and kerberos
Next by Date: Re: Which key type gets selected?
Prev by thread: ETYPE-INFO & AS-REP questions
Next by thread: Heimda ldap and KDCFlags
Index(es):
- Date
- Thread