[1659] in Kerberos-V5-bugs
probs with v4 backwards compat in 5b5
daemon@ATHENA.MIT.EDU (Vladimir Vukicevic)
Sun Oct 8 00:36:00 1995
To: krb5-bugs@MIT.EDU
Reply-To: vladimir@Intrepid.COM
Date: Sat, 07 Oct 1995 21:33:24 -0700
From: Vladimir Vukicevic <vladimir@Intrepid.COM>
Hi.. I'm having some problems with getting kerberos 4 clients to work
with krb5b5. I've set up a seperate krb4 srvtab, but, first problem is
that xst4 in kdb5_edit is giving a srvtab with the key version set to
0 -- which is the wildcard key in v4's read_service_key(). In the v4
code, the key which is (normally) requested is one with version 1 -- at
least, that's what I'm seeing when krb_rd_req is called from telnet.
So, kerberos never finds a valid service key (since there's always a
key version mismatch), and fails the authorization.
I sort of hacked this out, by simply ignoring the version number if it's
0 in the srvtab file, but this introduced another problem. v4
krb_rd_req calls krb_set_key, which in turn calls des_key_sched. In b5,
des_key_sched gets translated to mit_des_key_sched via des425. However,
mit_des_key_sched returns -1 because of a parity error. (The end
result of this is that whatever client was calling it core dumps, since
the -1 gets propagated to a point where it's used as an index into
krb_err_txt... instant kablooie. :-)
Is there something obvious that I'm missing here?
Also, I built b5 for IRIX 5.2 (or 5.3).. if you haven't already got the
patches, I'll send them. It's mainly fixes for the way sgi handles
pty's in the appl code.
Thanks!
- Vladimir
