[5989] in Kerberos


Re: v4 or v5 for Sun server & Mac clients?

daemon@ATHENA.MIT.EDU (Howard Chu)
Fri Oct 13 14:53:36 1995

To: kerberos@MIT.EDU
Date: 13 Oct 1995 11:32:48 -0700
From: hyc@troy.la.locus.com (Howard Chu)

In article <9510101823.AA03595@_marlboro.edu>,
Jim Mahoney <mahoney@marlboro.edu> wrote:
>>>>>> "Sam" == Sam Hartman <hartmans@mit.edu> writes:
>    Sam> You probably don't want the latest public release of
>    Sam> Kerberos 5; either use CNS (Cygnus Network
>    Sam> Security--http://www.cygnus.com/) or Kerberos 5 beta 4-3

>Thanks for the suggestion.  Is there a simple reason why?

Good question, I'll second it.

But as an aside, I'll mention that I ran into problems using the Kerberos 4
support in the K5B5 distribution, under Windows. des_pcbc_encrypt in lib/des425
was misbehaving, and I had to fall back to the code from the K4 source tree.

I wish I had more time to track down the exact problem. The symptom was that
a Windows Kerberos client could not authenticate itself for a service, because
krb_rd_req complained that its timestamp was out of bounds. In krb_mk_req,
the authenticator was encrypted correctly, up to the timestamp (which is the
last field of the authenticator). Then, as near as I can tell, the last 3
bytes of the timestamp were garbage. (In my case, the req_id was 27 bytes long,
padded to 32 with zeroes. I haven't played with this with other sizes to see
how the broken code behaves.)
-- 
Howard Chu				Principal Member of Technical Staff
hyc@locus.com				Locus Computing Corporation
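
An added example, not part of the original post and not code from the Kerberos sources: with 8-byte blocks, a 27-byte buffer zero-padded to 32 puts bytes 24 to 26 alone in the final block, so damage confined to that block leaves the first 24 bytes intact. The toy Feistel cipher stands in for DES, and `pcbc`, `first_diff` and the key are constructed names and values; the block is a round-trip check for a PCBC routine and does not reproduce the des425 problem, whose cause the post leaves open.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLK 8  /* DES block size in bytes */

/* Toy 4-round Feistel on a 64-bit block: a stand-in for DES, NOT secure. */
static uint32_t f(uint32_t x, uint32_t k) {
    x += k; x ^= x << 7; x ^= x >> 9;
    return x * 2654435761u;
}
static uint64_t toy_crypt(uint64_t b, const uint32_t k[4], int dec) {
    uint32_t l = (uint32_t)(b >> 32), r = (uint32_t)b;
    for (int i = 0; i < 4; i++) {
        uint32_t t = l ^ f(r, k[dec ? 3 - i : i]);
        l = r; r = t;
    }
    return ((uint64_t)r << 32) | l;  /* final swap: decrypt = reversed key order */
}

/* Output length after zero-padding to a whole number of blocks (27 -> 32). */
size_t pcbc_outlen(size_t len) { return (len + BLK - 1) / BLK * BLK; }

/* PCBC: C_i = E(P_i ^ P_{i-1} ^ C_{i-1}), with the IV in place of P_0 ^ C_0. */
size_t pcbc(const uint8_t *in, uint8_t *out, size_t len,
            const uint32_t k[4], uint64_t iv, int dec) {
    uint64_t chain = iv;
    size_t n = pcbc_outlen(len);
    for (size_t off = 0; off < n; off += BLK) {
        uint64_t x = 0, y;
        size_t take = len - off < BLK ? len - off : BLK;
        memcpy(&x, in + off, take);           /* short tail stays zero-padded */
        y = dec ? toy_crypt(x, k, 1) ^ chain : toy_crypt(x ^ chain, k, 0);
        chain = x ^ y;                        /* plaintext ^ ciphertext chains on */
        memcpy(out + off, &y, BLK);
    }
    return n;
}

/* Encrypt, optionally damage the last ciphertext block, decrypt. Returns the
   index of the first byte that differs from the zero-padded input, or -1.
   len must be between 1 and 64. */
int first_diff(const uint8_t *msg, size_t len, int damage_last) {
    static const uint32_t key[4] = {0x01234567u, 0x89abcdefu,
                                    0x0f1e2d3cu, 0x4b5a6978u}; /* constructed */
    uint8_t ref[64] = {0}, ct[64], pt[64];
    size_t n = pcbc(msg, ct, len, key, 0, 0);
    memcpy(ref, msg, len);
    if (damage_last) ct[n - 1] ^= 0x01;
    pcbc(ct, pt, n, key, 0, 1);
    for (size_t i = 0; i < n; i++) if (pt[i] != ref[i]) return (int)i;
    return -1;
}
```

Swapping `toy_crypt` for the DES routine under test turns `first_diff(buf, 27, 0) == -1` into a regression check for the partial-block case.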
