[30801] in Kerberos
Re: Using Smartcard with PK-INIT does not respond
daemon@ATHENA.MIT.EDU (Loren M. Lang)
Wed Mar 4 11:14:00 2009
From: "Loren M. Lang" <lorenl@alzatex.com>
To: Kevin Coffman <kwcoffman@gmail.com>
In-Reply-To: <1236177197.13692.2141.camel@ruth.aloha.tallye.com>
Date: Wed, 04 Mar 2009 07:08:41 -0800
Message-Id: <1236179322.13692.2284.camel@ruth.aloha.tallye.com>
Mime-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============1261456868=="
Errors-To: kerberos-bounces@mit.edu
--===============1261456868==
Content-Type: multipart/signed; micalg="sha1";
protocol="application/x-pkcs7-signature";
boundary="=-UsuUcJ1kDrkS+PrIqXjR"
--=-UsuUcJ1kDrkS+PrIqXjR
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Wed, 2009-03-04 at 06:33 -0800, Loren M. Lang wrote:
> On Wed, 2009-03-04 at 08:46 -0500, Kevin Coffman wrote:
> > On Wed, Mar 4, 2009 at 1:49 AM, Loren M. Lang <lorenl@north-winds.org> =
wrote:
> > > I am trying to enable smartcard logins to a MIT Kerberos domain using
> > > the recent PK-INIT preauth plugin. I am using Ubuntu 8.10 with it's
> > > stock Kerberos 1.6.4 packages except for pkinit.so recompiled with
> > > -DDEBUG. I have a server certificate installed on the KDC with the
> > > extended key usage id_pkinit_KPKdc and an appropriate subjectAltName.
> > > There is one intermediate certificate between it and the root CA.
> > > Client certificates were generated similarly only with the
> > > id_pkinit_KPClientAuth key usage and have two intermediates between i=
t
> > > and the same root CA. The client certificates are installed on a sma=
rt
> > > card using opensc and are also enabled for the clientAuth key usage f=
or
> > > SSL client authentication. I also have intermediate CAs and the root=
CA
> > > installed on the smart card as well. Firefox is able to see the smar=
t
> > > card including all intermediates and root CAs and is able to use it t=
o
> > > authenticate against a SSL website. Running kinit with debugging out=
put
> > > I was able see that is was complaining that the smart card had four
> > > matching certs. It did not filter out certificates missing the
> > > appropriable key usages or missing subjectAltName, maybe that's typic=
al.
> > > I setup a pkinit_cert_match to filter out the other certificates and =
now
> > > kinit reports finding exactly one match, but bails out later due to
> > > missing intermediate certificates so I setup pkinit_pool to point
> > > to /etc/ssl/certs with appropriate certificates. It did not seem to =
use
> > > the intermediates already on the smart card, is this normal?
> >=20
> > Normal is subjective ;-) There is no code to deal with intermediates
> > or root CAs that might be found on the smartcard.
>=20
> Bad choice of words, I meant, how MIT's PK-INIT code is supposed to
> behave. I was assuming that this functionality was supported by
> OpenSSL/OpenSC and not MIT specifically.
>=20
> >=20
> > > Now kinit
> > > was complaining about some broken symlinks that exist
> > > under /etc/ssl/certs and it bails out. Shouldn't these just be ignor=
ed?
> >=20
> > I thought anything that wasn't a cert was ignored w/o bailing, but
> > this might have been missed.
> >=20
> > > This symlinks point to missing certificates that have nothing to do w=
ith
> > > the pki infrastructure I am using, but once I moved the symlinks out =
of
> > > the way, kinit continued and finally sent out an AS-REQ with the PK-I=
NIT
> > > preauth data, but received no response. According to Wireshark,
> > > following the initial AS-REQ with no preauth, the server responds wit=
h a
> > > NEEDED_PREAUTH error listing six preauth types including PA-PK-AS-REQ
> > > and PA-PK-AS-REP. The client then sends a single IP fragment respons=
e.
> > > The fragment has a payload of 1480 bytes with flag more fragments, bu=
t
> > > no further fragments are sent. I have no firewall rules installed an=
d
> > > am at a loss as to why there are no more fragments.
> >=20
> > I'm not sure what might be happening here. This would just be a
> > work-around, but is it possible for you to try using TCP rather than
> > UDP?
>=20
> I enabled TCP support on my KDCs and netstat confirms they are listening
> on them. I tried setting udp_preference_limit to 1480, 1000, and 50,
> but kinit never uses TCP. I put udp_preference_limit both at the very
> beginning and very end of my libdefaults section in krb5.conf and even
> tried using copy/paste to double check that I typed it correctly.
Never mind, I was using SRV records and only install _udp types.
Specifying the server in krb5.conf resolved that. Now, the error I am
getting is KRB5KRB_ERR_GENERIC: KDC_RETURN_PADATA.
>=20
> Also, kdc_tcp_ports is not documented in my kdc.conf man page. I had to
> look in the info pages for it.
>
> >=20
> > K.C.
> >=20
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--=20
Loren M. Lang
lorenl@alzatex.com
http://www.alzatex.com/
Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B
--=-UsuUcJ1kDrkS+PrIqXjR
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIZ0jCCBVcw
ggQ/oAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwgYoxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJ
kiaJk/IsZAEZFgZ0YWxseWUxFjAUBgNVBAoMDUFsemF0ZXgsIEluYy4xFTATBgNVBAsMDENlcnRp
ZmljYXRlczEsMCoGA1UEAwwjQWx6YXRleCBVc2VycyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN
MDkwMzAzMjEwNjM4WhcNMTAwMzAzMjEwNjM4WjCBiDETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQG
CgmSJomT8ixkARkWBnRhbGx5ZTEWMBQGA1UECgwNQWx6YXRleCwgSW5jLjEPMA0GA1UECwwGUGVv
cGxlMRYwFAYDVQQDDA1Mb3JlbiBNLiBMYW5nMRgwFgYKCZImiZPyLGQBAQwIc3R0bmczNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtcOdQVV/H5exBjxMWJvYI0/ET0+7qDhiVFg6V
3nskL85lN8Yy5X7ZHKYiUIsFaAv4e+wzlSAerJxL5FMwW1KwFeDNyUseiarkNXifbCcOsEDu649V
4dP5pUi9R5OHRsFBqrAx5fe4AgIsNRGy+IAQ3CBN3Afn5RSbZkptz4jwE4ocBGCxWOVZYvmnrXXY
MbJkr7S5BDoBa15hJgZCD++jF8VEjmX0wS/WgngT5BX22p0dTmW0VVo9XPx79gTrSSqCQMJSWim6
L5WuqzflYQYGuFEjYxWmjjzYm24obA+XPOBkYxppnbc1QFeVCHjzYfd9CYGvTET166dytl6HKF8B
AgMBAAGjggHGMIIBwjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSr/6hpXUG3zum+8EVDIdPqppot
hzAfBgNVHSMEGDAWgBToL3pYj/2hGhatKthu4+wFjk2EmzA8BgNVHRIENTAzgQ1jYUB0YWxseWUu
Y29thiJodHRwOi8vd3d3LnRhbGx5ZS5jb20vY2VydHMvdXNlcnMvMDkGA1UdHwQyMDAwLqAsoCqG
KGh0dHA6Ly93d3cudGFsbHllLmNvbS9jZXJ0cy91c2Vycy9DQS5jcmwwXwYIKwYBBQUHAQEEUzBR
MDQGCCsGAQUFBzAChihodHRwOi8vd3d3LnRhbGx5ZS5jb20vY2VydHMvdXNlcnMvQ0EuY3J0MBkG
CCsGAQUFBzACgQ1jYUB0YWxseWUuY29tMAsGA1UdDwQEAwIFoDAmBgNVHSUEHzAdBggrBgEFBQcD
AgYIKwYBBQUHAwQGBysGAQUCAwQwEQYJYIZIAYb4QgEBBAQDAgWgMFAGA1UdEQRJMEeBEmxvcmVu
bEBhbHphdGV4LmNvbaAxBgYrBgEFAgKgJzAloAwbClRBTExZRS5DT02hFTAToAMCAQGhDDAKGwhz
dHRuZzM1OTANBgkqhkiG9w0BAQUFAAOCAQEAARlyZLBb1QBXc6Xqy74L/MtM+ewS9VfVROKO3up8
NF9wGyEUmj9SXOPzu5y8SxSGAuYua4HNWdCjJYjHtYdsfJO7poNvyWBwhj4MrWEseLhtIFIMs0a+
2rLss+NY2YocRz5xKkkdE6V+9rEnWMwDFASc7fz77wdjWyWzH4RC63CimSzO+AanCsUTArGnX0HW
a1tC58V7OYj1xREht8CIY/JU9TWbM80gN4jyN/2YKERFW4lGQs54LOnrkgs+4Mh9PfpnWIPSD4Ri
BK3AkIGS5NvpQfFUGKSyBJNBcXNCRDGnxd5vG4i1GvHdd45medrzKBqmmHFw/UZZ/WpmlcvlDDCC
BVcwggQ/oAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwgYoxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAU
BgoJkiaJk/IsZAEZFgZ0YWxseWUxFjAUBgNVBAoMDUFsemF0ZXgsIEluYy4xFTATBgNVBAsMDENl
cnRpZmljYXRlczEsMCoGA1UEAwwjQWx6YXRleCBVc2VycyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
HhcNMDkwMzAzMjEwNjM4WhcNMTAwMzAzMjEwNjM4WjCBiDETMBEGCgmSJomT8ixkARkWA2NvbTEW
MBQGCgmSJomT8ixkARkWBnRhbGx5ZTEWMBQGA1UECgwNQWx6YXRleCwgSW5jLjEPMA0GA1UECwwG
UGVvcGxlMRYwFAYDVQQDDA1Mb3JlbiBNLiBMYW5nMRgwFgYKCZImiZPyLGQBAQwIc3R0bmczNTkw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtcOdQVV/H5exBjxMWJvYI0/ET0+7qDhiV
Fg6V3nskL85lN8Yy5X7ZHKYiUIsFaAv4e+wzlSAerJxL5FMwW1KwFeDNyUseiarkNXifbCcOsEDu
649V4dP5pUi9R5OHRsFBqrAx5fe4AgIsNRGy+IAQ3CBN3Afn5RSbZkptz4jwE4ocBGCxWOVZYvmn
rXXYMbJkr7S5BDoBa15hJgZCD++jF8VEjmX0wS/WgngT5BX22p0dTmW0VVo9XPx79gTrSSqCQMJS
Wim6L5WuqzflYQYGuFEjYxWmjjzYm24obA+XPOBkYxppnbc1QFeVCHjzYfd9CYGvTET166dytl6H
KF8BAgMBAAGjggHGMIIBwjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSr/6hpXUG3zum+8EVDIdPq
ppothzAfBgNVHSMEGDAWgBToL3pYj/2hGhatKthu4+wFjk2EmzA8BgNVHRIENTAzgQ1jYUB0YWxs
eWUuY29thiJodHRwOi8vd3d3LnRhbGx5ZS5jb20vY2VydHMvdXNlcnMvMDkGA1UdHwQyMDAwLqAs
oCqGKGh0dHA6Ly93d3cudGFsbHllLmNvbS9jZXJ0cy91c2Vycy9DQS5jcmwwXwYIKwYBBQUHAQEE
UzBRMDQGCCsGAQUFBzAChihodHRwOi8vd3d3LnRhbGx5ZS5jb20vY2VydHMvdXNlcnMvQ0EuY3J0
MBkGCCsGAQUFBzACgQ1jYUB0YWxseWUuY29tMAsGA1UdDwQEAwIFoDAmBgNVHSUEHzAdBggrBgEF
BQcDAgYIKwYBBQUHAwQGBysGAQUCAwQwEQYJYIZIAYb4QgEBBAQDAgWgMFAGA1UdEQRJMEeBEmxv
cmVubEBhbHphdGV4LmNvbaAxBgYrBgEFAgKgJzAloAwbClRBTExZRS5DT02hFTAToAMCAQGhDDAK
GwhzdHRuZzM1OTANBgkqhkiG9w0BAQUFAAOCAQEAARlyZLBb1QBXc6Xqy74L/MtM+ewS9VfVROKO
3up8NF9wGyEUmj9SXOPzu5y8SxSGAuYua4HNWdCjJYjHtYdsfJO7poNvyWBwhj4MrWEseLhtIFIM
s0a+2rLss+NY2YocRz5xKkkdE6V+9rEnWMwDFASc7fz77wdjWyWzH4RC63CimSzO+AanCsUTArGn
X0HWa1tC58V7OYj1xREht8CIY/JU9TWbM80gN4jyN/2YKERFW4lGQs54LOnrkgs+4Mh9PfpnWIPS
D4RiBK3AkIGS5NvpQfFUGKSyBJNBcXNCRDGnxd5vG4i1GvHdd45medrzKBqmmHFw/UZZ/Wpmlcvl
DDCCBwkwggXxoAMCAQICAQswDQYJKoZIhvcNAQEFBQAwgYQxEzARBgoJkiaJk/IsZAEZFgNjb20x
FjAUBgoJkiaJk/IsZAEZFgZ0YWxseWUxFjAUBgNVBAoMDUFsemF0ZXgsIEluYy4xFTATBgNVBAsM
DENlcnRpZmljYXRlczEmMCQGA1UEAwwdQWx6YXRleCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN
MDkwMzAzMjAyOTEzWhcNMTEwMzAzMjAyOTEzWjCBijETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQG
CgmSJomT8ixkARkWBnRhbGx5ZTEWMBQGA1UECgwNQWx6YXRleCwgSW5jLjEVMBMGA1UECwwMQ2Vy
dGlmaWNhdGVzMSwwKgYDVQQDDCNBbHphdGV4IFVzZXJzIENlcnRpZmljYXRlIEF1dGhvcml0eTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALM4Gi1oIayl5PJSQPhTnc6Ko75/fGmsD5pl
ObNxCWzVozn9P1AVNKz5MHDswwSMlIy1RnVdJX4baNPTm69vEiAjrQrYHIBPSVQjzeRRFK6K8NAJ
YWCcGWiQYG03WlCBJcu5UusaAaOoKNrAGylf0mrItXv241i8X8+shcs4bexd/4Ez0TZoV4xuhDbf
58z/R50wu8t5wX2TheIryrc1kWWNrlc0Cr3V/YxNs7sVz5o4W0HYz42EU+xrZpra0D9+aVRxQ7Wf
UrX27vfN6E1wMGhWKUY8iGqbxr8wyj0Kl6Tru1yV9aqKisgUE2QkiDIn/a44rQ8jcsOXQY83n5hq
oMcCAwEAAaOCA3wwggN4MBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUUZag4M0uur28
nCtCAjyZgpkBrgEwNgYDVR0SBC8wLYENY2FAdGFsbHllLmNvbYYcaHR0cDovL3d3dy50YWxseWUu
Y29tL2NlcnRzLzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vd3d3LnRhbGx5ZS5jb20vY2VydHMv
Q0EuY3JsMH4GCCsGAQUFBwEBBHIwcDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AudGFsbHllLmNv
bS8wLgYIKwYBBQUHMAKGImh0dHA6Ly93d3cudGFsbHllLmNvbS9jZXJ0cy9DQS5jcnQwGQYIKwYB
BQUHMAKBDWNhQHRhbGx5ZS5jb20wMQYJYIZIAYb4QgEEBCQWImh0dHA6Ly93d3cudGFsbHllLmNv
bS9jZXJ0cy9DQS5jcmwwMQYJYIZIAYb4QgEDBCQWImh0dHA6Ly93d3cudGFsbHllLmNvbS9jZXJ0
cy9DQS5jcmwwHQYDVR0OBBYEFOgveliP/aEaFq0q2G7j7AWOTYSbMA4GA1UdDwEB/wQEAwIBBjAm
BgNVHSUEHzAdBggrBgEFBQcDAgYIKwYBBQUHAwQGBysGAQUCAwQwEQYJYIZIAYb4QgEBBAQDAgEG
MDoGCWCGSAGG+EIBDQQtFitBbHphdGV4LCBJbmMuIC0gVXNlcnMgQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MDgGCWCGSAGG+EIBCAQrFilodHRwOi8vd3d3LnRhbGx5ZS5jb20vY2VydHMvdXNlcnMvcG9s
aWN5LzCBzwYDVR0gBIHHMIHEMIHBBgRVHSAAMIG4MDUGCCsGAQUFBwIBFilodHRwOi8vd3d3LnRh
bGx5ZS5jb20vY2VydHMvdXNlcnMvcG9saWN5LzB/BggrBgEFBQcCAjBzMBQWDUFsemF0ZXgsIElu
Yy4wAwIBBBpbVGhpcyBjZXJ0aWZpY2F0ZSBpcyB0byBiZSB1c2VkIG9ubHkgZm9yIHNpZ25pbmcg
Y2VydGlmaWNhdGVzIGZvciBlbmQgdXNlcnMgYXQgQWx6YXRleCwgSW5jLjA8BgNVHREENTAzgQ1j
YUB0YWxseWUuY29thiJodHRwOi8vd3d3LnRhbGx5ZS5jb20vY2VydHMvdXNlcnMvMA0GCSqGSIb3
DQEBBQUAA4IBAQC4hmaLISF/M8EbtslWOSyNi84v37+gl1tJS4oXnwsbTc7lMRLYbsvagxR7rgU1
lLSoVSV3JIDuHBjVUHnyqWwERhv7nFg4Pt6UU40rRp0eqc2O5/zk/dIkW4KW7uHog4wP46lufF1H
UfkdAHNaYVP4dQr55LmAhopv7MzSwf3nqLddDVxKQIUGCqMaLuBxKppgzmZOuij9V8Yt4T7tBvHC
EjD3aJRtEQlZsLGlZE+9yNtbWhZ7I+5wgUirWlWncL1P43GA3fXpz7DSMElh+K2s04VNd4C4+1v1
O+ic6GpHnxj/Y8H2cy/R4rv9mgIVmiJOdVAI8oNZnITVKGgcDu76MIIICzCCBfOgAwIBAgIBBjAN
BgkqhkiG9w0BAQUFADCBrzELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjEOMAwGA1UEBxMF
QWxvaGExFDASBgNVBAoTC05vcnRoIFdpbmRzMRUwEwYDVQQLEwxDZXJ0aWZpY2F0ZXMxLzAtBgNV
BAMTJk5vcnRoIFdpbmRzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkB
FhJjYUBub3J0aC13aW5kcy5vcmcwHhcNMDgwNzIzMDkwMTA2WhcNMTMwMTA4MDkwMTA2WjCBhDET
MBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnRhbGx5ZTEWMBQGA1UECgwNQWx6
YXRleCwgSW5jLjEVMBMGA1UECwwMQ2VydGlmaWNhdGVzMSYwJAYDVQQDDB1BbHphdGV4IENlcnRp
ZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfRSGcjUPK9
JGNt9Zq5+/BHlKOKvi3FssF7I//6BdOr0L/rZmlHI045Sx6bY39YDyhRl0Z0PVMt6nn9QUxDh2rg
XvtuX8kzVl9fl7v/qspUA/mT7pzHmHaHrDhqZBciGhWl6xNZh8aL3QQzHte8NQgZt/BzcOiqLTtx
e/+ldabVzbcmH20jPCSfQtlDaRWTNl4+AoodpKCX4ulFWU5veTWweR3OV5qtfiCZrCpNJb6b4BVk
2tyYGd1sf7ZH4PZ6oo8Vwknr5P9sd3UxfQxcdpPU4L9A4s9KGRGk+pgA9gfpE8r/R+gPJ9WVZ2O3
QeNK6r5MwgszJSUCvyRivh9Bvo8CAwEAAaOCA1kwggNVMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFFGWoODNLrq9vJwrQgI8mYKZAa4BMB8GA1UdIwQYMBaAFP6C3OGU9nu9hPPt97vwV1VqIAlb
MEAGA1UdEgQ5MDeBEmNhQG5vcnRoLXdpbmRzLm9yZ4YhaHR0cDovL3d3dy5ub3J0aC13aW5kcy5v
cmcvY2VydHMvMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly93d3cubm9ydGgtd2luZHMub3JnL2Nl
cnRzL0NBLmNybDA4BggrBgEFBQcBAQQsMCowKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLm5vcnRo
LXdpbmRzLm9yZy8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzA0BglghkgBhvhC
AQ0EJxYlQWx6YXRleCwgSW5jLiAtIENlcnRpZmljYXRlIEF1dGhvcml0eTAyBglghkgBhvhCAQgE
JRYjaHR0cDovL3d3dy50YWxseWUuY29tL2NlcnRzL3BvbGljeS8wNgYDVR0RBC8wLYENY2FAdGFs
bHllLmNvbYYcaHR0cDovL3d3dy50YWxseWUuY29tL2NlcnRzLzCCATAGA1UdIASCAScwggEjMIIB
HwYEVR0gADCCARUwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudGFsbHllLmNvbS9jZXJ0cy9wb2xp
Y3kvMIHhBggrBgEFBQcCAjCB1DAUGg1BbHphdGV4LCBJbmMuMAMCAQEagbtUaGlzIGNlcnRpZmlj
YXRlIGlzIHRvIGJlIHVzZWQgb25seSBmb3Igc2lnbmluZyBjZXJ0aWZpY2F0ZXMgYW5kIENSTHMg
cGVydGFpbmluZyB0byBTU0wvVExTIHNlcnZpY2VzIGZvciBBbHphdGV4LCBJbmMuLCBpZGVudGlm
aW5nIEFsemF0ZXggZW1wbG95ZWVzLCBhbmQgc2ltaWxhciBBbHphdGV4IHJlbGF0ZWQgc2VyaXZj
ZXMuMFMGCCsGAQUFBwELBEcwRTAoBggrBgEFBQcwBYYcaHR0cDovL3d3dy50YWxseWUuY29tL2Nl
cnRzLzAZBggrBgEFBQcwBYENY2FAdGFsbHllLmNvbTANBgkqhkiG9w0BAQUFAAOCAgEAnt2wRYkc
esB9f8oeEpo9gwAs1xpIXlRd8g2ihDJF24AuPHICsU6SjNyaNvtEJFuxAtJ92LYTeePh7lpIIGUw
FlVPq2POC6sSScrqBjnt6NcJnGZBs5Dz1dnyuOA2uOzKWf2tblVdIJTDcJITWcARo5gbzc7GAgs4
IK2CE7PMo8Wi1KbvvLB6yRf/qDRMEAr1sY6TZ/6l4Wz6L5nShg6mXkEJUhHJ041BF/HEfthtGpR/
loG+XkR9ZAh4jub6MuZ018mr5DjjI0IaupfZKH1feSDhOpKPPVm+H4fMH8wbIjePMW6qhZQrxk9w
vik3IIqCH+V6dEitEj3DEM4WWDYGSA1zwxPf6I4u3nw2NvinKMhzP8H9nRKQrRZ+YlGrqQxx0PYB
VRzsFbL49kwfmXpav6dSa/gLgcVsBQzRyuI3K2/ihc9qTn9QEsarB6U0SSq0B4rC9uL8pTwg7pfN
3Vg9eQ+7TMYj4KUYNk3iEJuR7jdK5vKvcItosq9lwTCkNvqTdrA4btvDFHZrJFlcPhxCyYvJRL3l
jj+7Q892eNl9NMDTgFrc/tWYNIsYZwC49wU6CjEG7nnFj9x6NKQy+dPlvp1JBM1p07Y1wyK/V9QZ
aZTRxRNorGzacQlG7jdUoHl0IrEpSWoXpGvfwhEmJDOZvpUBKC4TcdZ3F5wCfW9vJ6gxggNjMIID
XwIBATCBkDCBijETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnRhbGx5ZTEW
MBQGA1UECgwNQWx6YXRleCwgSW5jLjEVMBMGA1UECwwMQ2VydGlmaWNhdGVzMSwwKgYDVQQDDCNB
bHphdGV4IFVzZXJzIENlcnRpZmljYXRlIEF1dGhvcml0eQIBATAJBgUrDgMCGgUAoIIBpzAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTAzMDQxNTA4NDBaMCMGCSqG
SIb3DQEJBDEWBBSwPgmsUozQFVEuSsp1h7vWafSB2zCBoQYJKwYBBAGCNxAEMYGTMIGQMIGKMRMw
EQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGdGFsbHllMRYwFAYDVQQKDA1BbHph
dGV4LCBJbmMuMRUwEwYDVQQLDAxDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMMI0FsemF0ZXggVXNlcnMg
Q2VydGlmaWNhdGUgQXV0aG9yaXR5AgEBMIGjBgsqhkiG9w0BCRACCzGBk6CBkDCBijETMBEGCgmS
JomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnRhbGx5ZTEWMBQGA1UECgwNQWx6YXRleCwg
SW5jLjEVMBMGA1UECwwMQ2VydGlmaWNhdGVzMSwwKgYDVQQDDCNBbHphdGV4IFVzZXJzIENlcnRp
ZmljYXRlIEF1dGhvcml0eQIBATANBgkqhkiG9w0BAQEFAASCAQCChgxek+b+3HwBOoIQr8is7if2
xdRRSbDpZRnhVeFKH5/CYuPbPK/cFelAWEn89LbJ6W6FguT7EAQgM6CybwVPmyfI8hVheIbQt7PN
0A9ai/6W2Y6zBxj9bil05hlUQs5aVNpvXWAx17DHWaD8SFIsFw0PI049EjmPoz1JUJoxvgUKcyak
ClcFtamO1Kp4khaQiGtUBZ/UgsQnZtrXkGuAVJHgWgM0IwM4KhJ/RFPsMIPTI1ZeH4CwTCzpgFUZ
jMeo3qXUgYo9BkBk7OPeiB/ls2l5fr4R3cJ9gRyt/k06DnHGUAJecxiJkekTxxPczE/RVUTYGWfU
LbhfKYrw31rdAAAAAAAA
--=-UsuUcJ1kDrkS+PrIqXjR--
--===============1261456868==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1261456868==--
