[1647] in Kerberos-V5-bugs


V5b5 vs. V5b4pl3 telnet - encryption key mismatch

daemon@ATHENA.MIT.EDU (Andrew Gross)
Mon Sep 25 02:01:37 1995

Date: Sun, 24 Sep 95 23:01:17 -0700
From: Andrew Gross <drew@drew.sdsc.edu>
To: krb5-bugs@MIT.EDU

Hello,

   I think I have found an encryption key problem in the forwarded
credentials between telnet in V5b5 and V5b4pl3.  It appears that
in V5b5 in (appl/telnet/libtelnet:kerberos5.c) kerberos5_is() the
auth_context->remote_subkey field is being set.  This causes the
credentials handled by forward.c to use the auth_context->remote_subkey
key for en(de)cryption.  However, V5b4pl3 uses the host/foo session key
for handling the forwarded credentials.  In V5b5 this corresponds to
the auth_context->keyblock.

   Setting auth_context->remote_subkey=0 in the case KRB_FORWARD in
kerberos_is() clears up the problem (but probably breaks something
else).

Thank you,
Andrew Gross
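
The mismatch reported above, as an added example that is not part of the original message and is not MIT Kerberos code: a toy model in which one side protects forwarded credentials with the subkey and the other with the session key. The names `AuthContext`, `forwarding_key`, `seal`, `unseal` and `forward` are hypothetical, the cipher is a stand-in rather than a Kerberos encryption type, and the key-selection rule follows the report's description only.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class AuthContext:
    """Toy model of the two auth_context keys named in the report."""
    keyblock: bytes                 # host/foo session key
    subkey: Optional[bytes] = None  # stands in for remote_subkey


def forwarding_key(ctx: AuthContext, prefer_subkey: bool) -> bytes:
    """prefer_subkey=True models the V5b5 behaviour described in the report;
    False models V5b4pl3, which always uses the session key."""
    if prefer_subkey and ctx.subkey is not None:
        return ctx.subkey
    return ctx.keyblock


def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC; NOT a Kerberos encryption type."""
    nonce = os.urandom(16)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the integrity check fails."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return _xor(key, nonce, ct) if hmac.compare_digest(tag, expected) else None


def forward(sender_b5: bool, receiver_b5: bool, subkey_set: bool = True):
    """Seal constructed credentials on one side, unseal on the other."""
    session, sub = os.urandom(32), os.urandom(32)
    ctx = AuthContext(session, sub if subkey_set else None)
    blob = seal(forwarding_key(ctx, sender_b5), b"constructed forwarded creds")
    return unseal(forwarding_key(ctx, receiver_b5), blob)
```

In this model, `forward(False, True)` returns `None` because the two sides pick different keys, while `forward(False, True, subkey_set=False)` succeeds, which mirrors the effect of clearing the subkey.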
