[1545] in Kerberos-V5-bugs
krb5 beta5 bug: rsh -F gives bogus ``clock skew'' error
daemon@ATHENA.MIT.EDU (Jonathan Stone)
Thu Jul 13 09:53:20 1995
Date: Thu, 13 Jul 1995 06:46:46 -0700
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
To: krb5-bugs@MIT.EDU, kerberos@MIT.EDU
Errors-To: kerberos-request@MIT.EDU
I haven't been watching comp.protocols.kerberos recently;
my apologies if this is a well-known problem.
I'm using krb5..b5 with the ANL patches (excluding the patches for
table-lookup inter-realm-authentication.)
In the resulting Krb5, Krb5.B5 rsh -F seems to always fail with a
bogus ``clock skew too great'' message. I see this on old RISC
Ultrix systems (4.2a with multicast), SunOS 4.1.3, and Linux 1.2.10.
(krb5 without the patches doesn't even work *this* well.)
rsh without forwarding and rlogin (with or without forwarding)
work successfully between all the above systems. Since rlogin
and rsh share ticket-forwarding code in appl/bsd/forward.c, I conjecture
there's a bug in the krb5 rsh/rshd code that marshals and/or
demarshals forwarded tickets and passes them into appl/bsd/forward.c.
The following is an edited script record of four Kerberized r-command
sessions from one machine, Kowhai, to itself: rlogin, rlogin -F, rsh,
and rsh -F. In each case, The ``local'' tty i/o prefixed by '<' and
the 'remote' tty i/o prefixed by '>', and blank lines inserted between
each r-command. It's probably easier to duplicate this yourself.
In addition, when Kerberos rsh fails to forward tickets, rsh -F is
passing the -F flag to UCB rsh, which is *another* bug!
(The ``Warning: no Kerberos tickets obtained'' is an incorrect Krb4-oriented
warning I don't care about.)
Script started on Thu Jul 13 04:24:13 1995
<Kowhai% echo "*** rlogin without forwarding works"
<*** rlogin without forwarding works
<Kowhai% /usr/local/krb5/bin/rlogin kowhai
>Last login: Thu Jul 13 04:11:19 from cuisinart2
>
>Warning: No Kerberos tickets obtained.
>
>SunOS Release 4.1.3_U1 (DSG) #1: Wed Nov 2 11:27:28 PST 1994
>You have mail.
>Kowhai% exit
>logout
>Connection closed.
<Kowhai% echo "*** rlogin WITH forwarding works"
<*** rlogin WITH forwarding works
<Kowhai% /usr/local/krb5/bin/rlogin -F kowhai
>Last login: Thu Jul 13 04:24:39 from Kowhai
>
>Warning: No Kerberos tickets obtained.
>
>SunOS Release 4.1.3_U1 (DSG) #1: Wed Nov 2 11:27:28 PST 1994
>You have mail.
>Kowhai% exit
>logout
>Connection closed.
<Kowhai% echo "*** rsh WITHOUT forwarding works"
<*** rsh WITHOUT forwarding works
<Kowhai% /usr/local/krb5/bin/rsh kowhai pwd
>/pescadero/u2/jonathan
<Kowhai% echo "*** BUG: rsh WITH forwarding FAILS"
<*** BUG: rsh WITH forwarding FAILS
<Kowhai% /usr/local/krb5/bin/rsh -F kowhai pwd
>krshd: Can't get forwarded credentials: Clock skew too great
>rsh: kcmd to host kowhai failed - Unknown code ____ 255
>trying normal rsh (/usr/ucb/rsh)
>-F: unknown host
<Kowhai% exit
script done on Thu Jul 13 04:26:07 1995
