[1875] in Kerberos
Re:
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue Apr 28 14:01:19 1992
Date: Tue, 28 Apr 92 13:14:43 -0400
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: hussien@masi.ibp.fr
Cc: kerberos@Athena.MIT.EDU
In-Reply-To: hussien@masi.ibp.fr's message of Mon, 27 Apr 92 18:15:38 +0200,
Reply-To: tytso@Athena.MIT.EDU

   Date: Mon, 27 Apr 92 18:15:38 +0200
   From: hussien@masi.ibp.fr

   - The system doesn't verify or doesn't verify correctly
   the passwords of principals. For instance, a principal "hua"
   can 'change' his password by supplying a false 'old password'.
   Moreover, an administrator (in kerberos sense) can modify the
   database without necessarily giving the correct
   "admin password" (it can even press just <RETURN>).
   If not for these two problems, things work fine so far:
   the sample cl/srv program, the remote services (rlogin, rsh,
   rcp) all work well. For your information, as I don't have
   export licence for the DES library of MIT, I used the one
   written by Eric Young in Australia.

That hardly sounds like a version which is "working fine" to me! The
first thing I would suspect is the DES libraries. Are you sure they're
actually doing DES, and returning some constant garbage? That would
cause the behavior you describe. If the same thing is true for kinit
(i.e., any password works), then it sounds like you either have a bug in
the DES library or the Kerberos library when it was modified to use some
other DES subroutines.
- Ted
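
A known-answer and key-sensitivity check of the kind the reply above suggests for a replacement DES library, as an added example that is not part of the original message or of any Kerberos or DES distribution. The `ecb_fn` adapter and the two stand-in routines are hypothetical; the first vector is the widely published DES example vector, and the second key and plaintext are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical adapter: wrap the library's key-schedule and ECB-encrypt
   calls so that one 8-byte block is encrypted under one 8-byte key. */
typedef void (*ecb_fn)(const unsigned char key[8],
                       const unsigned char in[8], unsigned char out[8]);

enum { KAT_MISMATCH = 1, KEY_IGNORED = 2, INPUT_IGNORED = 4 };

/* Published DES example vector: key, plaintext, expected ciphertext. */
static const unsigned char K1[8] = {0x13,0x34,0x57,0x79,0x9B,0xBC,0xDF,0xF1};
static const unsigned char P1[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
static const unsigned char C1[8] = {0x85,0xE8,0x13,0x54,0x0F,0x0A,0xB4,0x05};
/* Constructed second key and plaintext for the sensitivity checks. */
static const unsigned char K2[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
static const unsigned char P2[8] = {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};

/* Returns 0 if all three checks pass, else a bitmask of the failures. */
int des_selftest(ecb_fn enc)
{
    unsigned char a[8] = {0}, b[8] = {0}, c[8] = {0};
    int bad = 0;

    enc(K1, P1, a);   /* known-answer case */
    enc(K2, P1, b);   /* same block, different key */
    enc(K1, P2, c);   /* same key, different block */
    if (memcmp(a, C1, 8) != 0) bad |= KAT_MISMATCH;
    if (memcmp(a, b, 8) == 0)  bad |= KEY_IGNORED;   /* output identical under two keys */
    if (memcmp(a, c, 8) == 0)  bad |= INPUT_IGNORED; /* output identical for two blocks */
    return bad;
}

/* Constructed stand-ins for broken libraries (not real DES code). */
void constant_garbage(const unsigned char k[8], const unsigned char in[8],
                      unsigned char out[8])
{ (void)k; (void)in; memset(out, 0xA5, 8); }

void xor_not_des(const unsigned char k[8], const unsigned char in[8],
                 unsigned char out[8])
{ int i; for (i = 0; i < 8; i++) out[i] = k[i] ^ in[i]; }

int main(void)
{
    printf("constant_garbage: %d\n", des_selftest(constant_garbage));
    printf("xor_not_des:      %d\n", des_selftest(xor_not_des));
    return 0;
}
```

A routine whose output does not depend on the key sets `KEY_IGNORED`, which matches the "any password works" symptom; a key-dependent routine that is not DES still fails the known-answer case.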