[1406] in Kerberos-V5-bugs
K5.5 and Multiple Entries in v5srvtab
daemon@ATHENA.MIT.EDU (Doug Engert)
Fri May 12 14:53:38 1995
Date: Fri, 12 May 95 13:53:24 CDT
From: "Doug Engert" <DEEngert@anl.gov>
To: <krb5-bugs@MIT.EDU>
While testing Kerberos 5 beta 5 with DCE 1.0.3a, using a
DCE created keytab file, I ran across what appears to be a bug.
The ./lib/krb5/keytab/file/ktf_g_ent.c file does not check the
kvno parameter to make sure it gets the correct entry. The
v5srvtab file I was using has two versions for the host/... entry,
and the rlogind and/or telnetd would give a decrypt integrity
message. The code selected the first entry, rather than testing
for the correct entry.

It appears that this problem would also occur in a K5 only
situation, and is not a DCE problem as such.
*** ./lib/krb5/keytab/file/,ktf_g_ent.c Thu Apr 13 19:53:13 1995
--- ./lib/krb5/keytab/file/ktf_g_ent.c Fri May 12 11:20:06 1995
***************
*** 63,70 ****
--- 63,72 ----
cur_entry = new_entry;
}
} else {
+ if (kvno == new_entry.vno) { /* check for correct one */
cur_entry = new_entry;
break;
+ }
}
} else {
krb5_kt_free_entry(context, &new_entry);
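
Review bot: Inside the added if (kvno == new_entry.vno) test, an entry whose vno does not match is neither copied to cur_entry nor released, while the outer else branch just below does call krb5_kt_free_entry(context, &new_entry). Add an else to the new if that frees new_entry, so each skipped version of the principal is not leaked as the loop continues. The two lines now enclosed by the if (cur_entry = new_entry; and break;) should also be indented one level to match the new nesting.
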
The above fix adds an if to test for the correct kvno.
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: DEEngert@anl.gov
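
Added example, not part of the original message and not MIT Kerberos code: a simplified C model of the lookup the report describes, with the first-match behaviour next to a kvno-aware one. The struct, the function names and the sample principals are constructed for illustration, and treating kvno 0 as "return the highest version" is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified entry; not the real krb5_keytab_entry layout. */
struct kt_entry { const char *principal; unsigned int vno; const char *key_label; };

/* Constructed sample keytab: two key versions for one host principal. */
static const struct kt_entry sample_keytab[] = {
    { "host/a.example.org@EXAMPLE.ORG", 1, "old-key" },
    { "host/a.example.org@EXAMPLE.ORG", 2, "new-key" },
    { "ftp/a.example.org@EXAMPLE.ORG",  1, "ftp-key" },
};
#define SAMPLE_LEN (sizeof sample_keytab / sizeof sample_keytab[0])

/* Behaviour described in the report: first principal match wins, kvno ignored. */
static const struct kt_entry *lookup_first_match(const struct kt_entry *kt, size_t n,
                                                 const char *princ, unsigned int kvno)
{
    (void)kvno;
    for (size_t i = 0; i < n; i++)
        if (strcmp(kt[i].principal, princ) == 0)
            return &kt[i];
    return NULL;
}

/* kvno-aware: exact version if kvno != 0, highest version if kvno == 0 (assumption). */
static const struct kt_entry *lookup_by_kvno(const struct kt_entry *kt, size_t n,
                                             const char *princ, unsigned int kvno)
{
    const struct kt_entry *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(kt[i].principal, princ) != 0)
            continue;
        if (kvno != 0 && kt[i].vno == kvno)
            return &kt[i];               /* exact version requested and found */
        if (kvno == 0 && (best == NULL || kt[i].vno > best->vno))
            best = &kt[i];               /* track the newest version */
    }
    return best;                         /* NULL: fail closed, never a wrong-version key */
}

int main(void)
{
    const char *p = "host/a.example.org@EXAMPLE.ORG";
    printf("first match: kvno %u\n", lookup_first_match(sample_keytab, SAMPLE_LEN, p, 2)->vno);
    printf("kvno-aware:  kvno %u\n", lookup_by_kvno(sample_keytab, SAMPLE_LEN, p, 2)->vno);
    return 0;
}
```

Returning NULL for a version that is not in the table lets the caller report a missing key instead of attempting decryption with the wrong one.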