[1592] in Kerberos-V5-bugs
Telnet Encrypt mode fails
daemon@ATHENA.MIT.EDU (Joe Ramus)
Tue Aug 8 19:49:25 1995
Date: Tue, 8 Aug 95 16:49:03 PDT
From: ramus@nersc.gov (Joe Ramus)
To: krb5-bugs@MIT.EDU
Cc: smace@neosoft.com
I compiled Kerberos 5.5 on SunOS 4.3 with both ENCRYPTION and DES_ENCRYPTION
defined. When I try to use the -x option, the output becomes a mess of
random characters. This indicates that the data flow between client & server
is Encrypted but the Decryption fails.
I have appended a dump of telnet startup and also a trace of the
options processing.
%% telnet -a -x -d -e ^T -n ~/qqtrace
Telnet escape character is '^T'.
telnet> set authdebug
auth debugging enabled
telnet> set encdebug
Encryption debugging enabled
telnet> set verbose_encrypt
Encryption is verbose
telnet> set options
Will show option processing.
telnet> open osi.nersc.gov 756
Trying 128.55.184.187...
Connected to osi.nersc.gov.
Escape character is '^T'.
>>>TELNET: I support auth type 2 2
>>>TELNET: I support auth type 2 0
>>>TELNET: I support auth type 1 2
>>>TELNET: I support auth type 1 0
>>>TELNET: I will support DES_CFB64
>>>TELNET: I will support DES_OFB64
>>>TELNET: auth_send got: 02 02 02 00
>>>TELNET: He supports 2
>>>TELNET: Trying 2 2
>>>IS:0: [0] (430) 6e 82 01 aa 30 82 01 a6 a0 03 02 01 05 a1 03 02
Sent Kerberos V5 credentials to server
>>>TELNET: Using type 2
[ Kerberos V5 accepts you as ``ramus@JB_TEST.NERSC.GOV'' ]
>>>TELNET: Request input to be encrypted
CFB64: initial vector received
Initializing Decrypt stream
(*ep->is)(581a3, 9) returned MORE_TO_DO (7)
[ Input is now decrypted with type DES_CFB64 ]
>>>TELNET: Start to decrypt input with type DES_CFB64
At this point, the Display becomes a random mess.
The Trace file is appended below.
I have deleted some of the numeric data for MUTUAL AUTH and MUTUAL RESPONSE.
RCVD DO AUTHENTICATION
SENT WILL AUTHENTICATION
RCVD IAC SB AUTHENTICATION SEND KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|ONE-WAY
SENT IAC SB AUTHENTICATION NAME "ramus"
SENT IAC SB AUTHENTICATION IS KERBEROS_V5 CLIENT|MUTUAL AUTH 110 130 1 170 48 130 1 166
RCVD IAC SB AUTHENTICATION REPLY KERBEROS_V5 CLIENT|MUTUAL RESPONSE 111 89 48 87 160 3 2
RCVD IAC SB AUTHENTICATION REPLY KERBEROS_V5 CLIENT|MUTUAL ACCEPT "ramus@JB_TEST.NERSC.GOV"
RCVD WILL ENCRYPT
SENT DO ENCRYPT
SENT IAC SB ENCRYPT REQUEST-START
SENT IAC SB ENCRYPT SUPPORT DES_CFB64 DES_OFB64
RCVD DO TERMINAL TYPE
SENT WILL TERMINAL TYPE
RCVD DO TSPEED
SENT WILL TSPEED
RCVD DO XDISPLOC
SENT WILL XDISPLOC
RCVD DO NEW-ENVIRON
SENT WILL NEW-ENVIRON
RCVD DO OLD-ENVIRON
SENT WONT OLD-ENVIRON
RCVD IAC SB ENCRYPT IS DES_CFB64 CFB64_IV 102 51 255 219 19 17 30 214
SENT IAC SB ENCRYPT REPLY DES_CFB64 CFB64_IV_OK
RCVD IAC SB TERMINAL-SPEED SEND
SENT IAC SB TERMINAL-SPEED IS 38400,38400
RCVD IAC SB X-DISPLAY-LOCATION SEND
SENT IAC SB X-DISPLAY-LOCATION IS "windsail.nersc.gov:0.0"
RCVD IAC SB NEW-ENVIRON SEND
SENT IAC SB NEW-ENVIRON IS VAR "USER" VALUE "ramus" VAR "PRINTER" VALUE "bgl2" VAR "DISPLAY" VALUE "windsail.nersc.gov:0.0"
RCVD IAC SB TERMINAL-TYPE SEND
SENT IAC SB TERMINAL-TYPE IS "SUN-CMD"
RCVD IAC SB ENCRYPT ENC_KEYID 0
SENT IAC SB ENCRYPT DEC_KEYID 0
RCVD WILL SUPPRESS GO AHEAD
SENT DO SUPPRESS GO AHEAD
RCVD DO ECHO
SENT WONT ECHO
RCVD DO NAWS
SENT WILL NAWS
SENT IAC SB NAWS 0 85 (85) 0 50 (50)
RCVD WILL STATUS
SENT DO STATUS
RCVD DO LFLOW
SENT WILL LFLOW
RCVD IAC SB ENCRYPT START
RCVD IAC 143
