[1028] in Kerberos-V5-bugs
Re: krb5 vs. DCE
daemon@ATHENA.MIT.EDU (Joseph N. Pato)
Tue Jan 3 10:56:08 1995
Date: Tue, 3 Jan 1995 10:55:26 -0500
To: "George W. Baltz" <gwb@holmes.umd.edu>
From: pato@apollo.hp.com (Joseph N. Pato)
Cc: krb5-bugs@MIT.EDU, gwb@umd5.umd.edu
At 10:36 12/28/94, George W. Baltz wrote:
>Believing the FAQ, I tried to run some krb5 clients against our (test) DCE
>servers, with less than spectacular results. kinit did connect to the server,
>but gave up with ASN.1 missing field errors.
>
>Problem: no code in krb5 for ASN.1 'constructed indefinite' fields, which the
>DCE security server uses. (Probably means they don't have to build messages
>backwards :-) .)
>
The FAQ was correct at the time it was last released. The ASN.1 encoding
code changed in the latest beta patch from MIT and stopped supporting both
BER and DER encodings. The older versions of DCE (currently shipped
products) were improperly generating the indefinite fields. Newer DCE code
will generate the proper sequences and accept either. The MIT code used to
generate the proper encoding and accept either, but when the ISODE-based
code was replaced with hand-rolled marshalling code, this feature was lost.
Thanks for your restoring this capability.
- Joe Pato
Hewlett-Packard Co.
pato@ch.hp.com
+1 (508) 436-4350; FAX +1 (508) 436-5140
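
Added example, not part of the original message and not krb5 or DCE code: a minimal C walker showing what "accept either" asks of a receiver, covering definite lengths and the constructed indefinite form (length octet 0x80, content ended by 00 00). The names ber_size and accept_message, the MAX_DEPTH bound and the sample byte strings are constructed for illustration; only single-byte tags are handled.

```c
#include <stddef.h>

/* Added illustration; all names here are hypothetical. */
#define MAX_DEPTH 32  /* assumed nesting bound, not a krb5 or DCE constant */

/* Constructed samples: SEQUENCE { INTEGER 5 }, definite then indefinite length. */
static const unsigned char SEQ_DEFINITE[]   = {0x30, 0x03, 0x02, 0x01, 0x05};
static const unsigned char SEQ_INDEFINITE[] = {0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00};

/* Size of the element at p (header, content, end-of-contents octets), or 0 if
 * malformed or truncated. Sets *indef if any nested length is indefinite. */
static size_t ber_size(const unsigned char *p, size_t len, int depth, int *indef)
{
    size_t pos = 2, clen = 0, n = 0;
    if (len < 2 || depth > MAX_DEPTH || (p[0] & 0x1f) == 0x1f)
        return 0;                           /* high-tag-number form not handled */
    int constructed = p[0] & 0x20;
    if (p[1] == 0x80) {                     /* indefinite: content runs to 00 00 */
        if (!constructed) return 0;         /* only legal on constructed types */
        *indef = 1;
        for (;;) {
            if (len - pos < 2) return 0;    /* ran out before end-of-contents */
            if (p[pos] == 0 && p[pos + 1] == 0) return pos + 2;
            if ((n = ber_size(p + pos, len - pos, depth + 1, indef)) == 0) return 0;
            pos += n;
        }
    }
    if (p[1] < 0x80) {
        clen = p[1];                        /* short definite form */
    } else {                                /* long definite form */
        size_t k = p[1] & 0x7f;
        if (k > sizeof(size_t) || k > len - pos) return 0;
        while (k--) clen = (clen << 8) | p[pos++];
    }
    if (clen > len - pos) return 0;         /* declared length exceeds buffer */
    if (!constructed) return pos + clen;
    for (size_t end = pos + clen; pos < end; pos += n)  /* children fill content */
        if ((n = ber_size(p + pos, end - pos, depth + 1, indef)) == 0) return 0;
    return pos;
}

/* Receiver policy: the buffer must be exactly one well-formed element; with
 * allow_indefinite == 0 any indefinite length is rejected (strict receiver). */
static int accept_message(const unsigned char *p, size_t len, int allow_indefinite)
{
    int f = 0;
    return len != 0 && ber_size(p, len, 0, &f) == len && (allow_indefinite || !f);
}
```

Both sample encodings carry the same SEQUENCE; only the lenient policy accepts the indefinite one, which is the interoperability gap described in this message.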