[11680] in Kerberos-V5-bugs
[krbdev.mit.edu #6768] regression in gssapi when using
daemon@ATHENA.MIT.EDU (Simo Sorce via RT)
Mon Sep 13 18:19:16 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Simo Sorce via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6768@krbdev.mit.edu>
Message-ID: <rt-6768-33128.2.89321245257788@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6768'":;"'AdminCc of krbdev.mit.edu Ticket #6768'":;@MIT.EDU
Date: Mon, 13 Sep 2010 18:19:13 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Ticket update.
Thanks to git-bisect and Luke Howard it appears the problem has been
identified.
The bug has been introduced with this commit:
http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/krb5/krb/mk_req_ext.c?r1=23100&r2=23358
The issu is in the reordering of the checksum check in
krb5_mk_req_extended()
The attached patch is a temporary workaround that shows the issue is
indeed in that reordering as I am able to pass the rpcclient test using it.
It is not final because apparently it breaks IAKRB.
A better patch should follow.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
