[31816] in Kerberos

Re: principal: Invalid argument while creating "foo@FOO".

daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Dec 28 22:17:38 2009

To: Jeff Blaine <jblaine@kickflop.net>
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 28 Dec 2009 22:17:19 -0500
In-Reply-To: <4B396CEF.9010504@kickflop.net> (Jeff Blaine's message of "Mon,
	28 Dec 2009 21:43:59 -0500")
Message-ID: <ldvfx6ubha8.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Jeff Blaine <jblaine@kickflop.net> writes:

> On 12/28/2009 9:41 PM, Tom Yu wrote:
>> Jeff Blaine<jblaine@kickflop.net>  writes:
>>
>>> No, that works fine.
>>
>> When running kadmin remotely, does "addprinc" without "-randkey"
>> succeed?
>
> Yup.

This is probably a known bug, #6074.  It was fixed in krb5-1.7, but
not back-ported to 1.6.x.  Basically, krb5-1.7 causes the RC4
string-to-key to perform a proper UTF-8 conversion, and the "dummy"
password that kadmin uses for performing the "addprinc -randkey"
operation contains octet sequences that are not valid UTF-8.  It's
kind of an impedance mismatch between krb5-1.7 and earlier kadmin
clients.  Do you have RC4 ("arcfour-hmac-md5", etc.) configured in
your "supported_enctypes" on that KDC?

http://krbdev.mit.edu/rt/Ticket/Display.html?id=6074&user=guest&pass=guest
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos