[37072] in Kerberos
Re: "forwarded" kpasswd changes
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Thu Jun 4 21:46:03 2015
Message-Id: <201506050145.t551jkSl006177@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <877frjyngk.fsf@hope.eyrie.org>
MIME-Version: 1.0
Date: Thu, 04 Jun 2015 21:45:46 -0400
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>I don't know what causes this, but it's definitely not you. I've seen
>this behavior for years. The client appears to be complaining about the
>response from the server, which it thinks has the wrong net address (or
>something; I was always murky on the details), but the change goes through
>anyway.
I haven't tried that combination, but from memory the issue is that
the kpasswd protocol uses a KRB-PRIV message and the issue was that
you can't omit an IP address from it (let me check ... yes, the sender's
address is not optional in a KRB-PRIV message). You could run kpasswd
under a debugger to figure out what the "wrong" address is. But I suspect
it would be just easier to modify the MIT client to ignore the IP address
on the KRB-PRIV on the reply message.
>The kpasswd protocol is horrible.
+1
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
