[6034] in Kerberos
Re: rlogin don't run, help me please!!
daemon@ATHENA.MIT.EDU (Axel-Stephane Smorgrav)
Sat Oct 21 05:42:38 1995
To: kerberos@MIT.EDU
Date: 19 Oct 1995 13:00:24 GMT
From: ii58253@dlk-06oslo.teamco.telenor.no (Axel-Stephane Smorgrav)
Ok. Let's start again.
I can see from the log that your problem is that the address in the authenticator sent
to the rlogin server does not match the client address.
The address in the ticket is: 247.255.245.144 (-134220400)
The address of the client is: 137.204.57.90 (-1983104678)
So the problem seems to be that the address included in the ticket when generated by the
TGS is different from the source address in the packet received by the rlogin server. On
the top of that, 247.255.245.144 is not as far as I can tell, a legal address.
If you are sure that other Kerberized applications work fine, the Kerberos server may be
excluded as the source of the problem. You can easily verify that by checking if the
simple_server does a krb_rd_req() call and that it is successfull in doing so when
contacted by the simple_client.
Since you run the client and server on the same host, we can rule out byte ordering
problems.
If the the ticket is corrupted between the TGS and the server application, it will be
catched during decryption.
On the other hand the kerberos.log shows that the server has got the correct network
address for the client, so I cannot see any reason why it should include any other
address in the ticket. The problem you have seems _very_ mysterious.
I suggest you do som hacking on the ticket creation code in
./kerberosIV/kerberos/kerberos.c. Look for the string "APPL Request" and you will find
the code handling an application request, creating and encrypting the ticket etc. Create
som new log entries, compile, run and verify the contents of the ticket as created by
the kerberos server. Just make sure that the contents of the ticket are OK as the ticket
is sent to the client.
-ascs
