[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal 1.0.2RC6

To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>
Subject: Re: heimdal 1.0.2RC6
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Tue, 11 Dec 2007 18:04:03 -0800
In-Reply-To: <B7DB4A56-9C24-4EEE-A05F-B215E8BFDA66@kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <B7DB4A56-9C24-4EEE-A05F-B215E8BFDA66@kth.se>
Reply-To: heimdal-discuss@sics.se, "Henry B. Hotz" <hotz@jpl.nasa.gov>

This is actually from RC5, but I suspect you haven't changed anything.

Adding a password to krb5_get_init_creds_opt_set_pkinit() seems to  
have no effect, at least when pkcs11 is used for the user cert.  You  
*still* get prompted for the PIN by the library.  It looks like the  
password argument gets lost in the hx509 stuff somewhere between  
_krb5_pk_load_id() and p11_init_slot().  I believe some other code  
works around this by writing their own prompter function.  I'd rather  
that wasn't needed.

Breakpoint 1, krb5_prompter_posix (context=0x1100f50, data=0x0,  
name=0x0, banner=0x0, num_prompts=1, prompts=0xbffff4b8) at  
prompter_posix.c:48
48          if (name)
(gdb) bt
#0  krb5_prompter_posix (context=0x1100f50, data=0x0, name=0x0,  
banner=0x0, num_prompts=1, prompts=0xbffff4b8) at prompter_posix.c:48
#1  0x00239c75 in hx_pass_prompter (data=0xbffff7f8,  
prompter=0xbffff55c) at pkinit.c:1415
#2  0x003ee458 in hx509_lock_prompt (lock=0x11033d0,  
prompt=0xbffff55c) at lock.c:206
#3  0x003ea611 in p11_get_session (context=0x1103330, p=0x1103080,  
slot=0x110a540, lock=0x11033d0, psession=0xbffff6d0) at ks_p11.c:433
#4  0x003ea3b4 in p11_init_slot (context=0x1103330, p=0x1103080,  
lock=0x11033d0, id=0, num=0, slot=0x110a540) at ks_p11.c:352
#5  0x003eb54a in p11_init (context=0x1103330, certs=0x1103040,  
data=0x1103048, flags=0, residue=0x1f9b "/Library/OpenSC/lib/opensc- 
pkcs11.so", lock=0x11033d0) at ks_p11.c:909
#6  0x003e768c in hx509_certs_init (context=0x1103330, name=0x1f94  
"pkcs11:/Library/OpenSC/lib/opensc-pkcs11.so", flags=0,  
lock=0x11033d0, certs=0x1103318) at keyset.c:118
#7  0x00239e47 in _krb5_pk_load_id (context=0x1100f50,  
ret_id=0x11034d0, user_id=0x1f94 "pkcs11:/Library/OpenSC/lib/opensc- 
pkcs11.so", anchor_id=0x11034f0 "FILE:/Library/KerberosCerts/ 
cacert.pem", chain_list=0x0, revoke_list=0x0, prompter=0x23d62a  
<krb5_prompter_posix>, prompter_data=0x0, password=0xbffffa75 "abc")  
at pkinit.c:1487
#8  0x0023aecb in krb5_get_init_creds_opt_set_pkinit  
(context=0x1100f50, opt=0x1103440, principal=0x1103430,  
user_id=0x1f94 "pkcs11:/Library/OpenSC/lib/opensc-pkcs11.so",  
x509_anchors=0x11034f0 "FILE:/Library/KerberosCerts/cacert.pem",  
pool=0x0, pki_revoke=0x0, flags=0, prompter=0x23d62a  
<krb5_prompter_posix>, prompter_data=0x0, password=0xbffffa75 "abc")  
at pkinit.c:1973
#9  0x00001e06 in KLoginPrincipal (principal=0xbffffa5e  
"hotz@HOTZ.JPL.NASA.GOV", password=0xbffffa75 "abc") at ttest.c:51
#10 0x00001f26 in main (argc=3, argv=0xbffff998) at ttest.c:88
(gdb)

On Dec 9, 2007, at 8:35 AM, Love Hörnquist Åstrand wrote:

> Hello,
>
> There is now a 1.0.2RC6 on the snapshot on the ftp area (also mac  
> and ubuntu binaries).
>
> Will do a release of 1.0.2 in the middle of next week unless  
> something pops up.
>
> Love

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: heimdal 1.0.2RC6
  - From: Love Hörnquist Åstrand <lha@kth.se>

References:
- heimdal 1.0.2RC6
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: 555eu bonus from Las Vegas
Next by Date: Re: MIT AD Trust PAC handling
Prev by thread: Re: heimdal 1.0.2RC6
Next by thread: Re: heimdal 1.0.2RC6
Index(es):
- Date
- Thread