[1888] in Kerberos-V5-bugs
encryption handling breaks Beta3 support
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Apr 18 17:43:57 1996
Date: Thu, 18 Apr 1996 17:43:16 -0400
From: Sam Hartman <hartmans@MIT.EDU>
To: krb5-bugs@MIT.EDU

While testing changes to telnetd's option handling, I
discovered (thanks to jhawk's Beta3 telnet client) that the old code
apparently doesn't support two Kerberos5 mutual authentication types
in the auth send suboption. The current code sends both mutual
authentication with and without encryption, giving the following
failure:

telnet> open tertius 17
Trying 18.245.0.93...
Connected to tertius.mit.edu.
Escape character is '^]'.
>>>TELNET: I will support DES_CFB64
>>>TELNET: I will support DES_OFB64
RCVD DO AUTHENTICATION
SENT WILL AUTHENTICATION
RCVD IAC SB AUTHENTICATION SEND KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|ONE-WAY KERBEROS_V4 CLIENT|MUTUAL KERBEROS_V4 CLIENT|ONE-WAY
Internal state error: cannot find authentication type 2 a second time
SENT IAC SB AUTHENTICATION IS NULL CLIENT|ONE-WAY

A newer telnet looks like:

telnet> open tertius 17
Trying 18.245.0.93...
Connected to tertius.mit.edu.
Escape character is '^]'.
SENT WILL AUTHENTICATION
SENT DO ENCRYPT
SENT WILL ENCRYPT
RCVD DO AUTHENTICATION
RCVD IAC SB AUTHENTICATION SEND KERBEROS_V5 CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|ONE-WAY KERBEROS_V4 CLIENT|MUTUAL KERBEROS_V4 CLIENT|ONE-WAY
SENT IAC SB AUTHENTICATION NAME "hartmans"

As you can see, information is not properly understood by the
old client.
--Sam
P.S. Will the old client handle checksums correctly?
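
Added example, not part of the original message or of the telnet sources: a C sketch of matching a SEND list like the one in the traces against a client's authenticator table, once strictly and once tolerantly. The table contents, the function names, the byte values (from the Telnet authentication option as published in RFC 2941, with 4 assumed for the ENCRYPT bit) and the reading of the old client's error as a type-only check followed by a failed exact lookup are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Values as in RFC 2941; ENC_ON = 4 for this 1996 build is an assumption. */
enum { KRB4 = 1, KRB5 = 2, HOW_ONE_WAY = 0, HOW_MUTUAL = 2, ENC_ON = 4 };

struct pair { unsigned char type, mod; };

/* Hypothetical authenticator tables; the old client predates the ENCRYPT bit. */
static const struct pair old_client[] = {
    {KRB5, HOW_MUTUAL}, {KRB5, HOW_ONE_WAY}, {KRB4, HOW_MUTUAL}, {KRB4, HOW_ONE_WAY}};
static const struct pair new_client[] = {
    {KRB5, HOW_MUTUAL | ENC_ON}, {KRB5, HOW_MUTUAL}, {KRB5, HOW_ONE_WAY}};

/* Constructed: the (type, modifier) bytes after IAC SB AUTHENTICATION SEND. */
static const unsigned char offer[] = {2, 6, 2, 2, 2, 0, 1, 2, 1, 0};

/* 2 = exact (type, modifier) entry, 1 = type known but modifier not, 0 = neither. */
static int lookup(const struct pair *tab, size_t n, unsigned char type, unsigned char mod)
{
    int best = 0;
    for (size_t i = 0; i < n; i++) {
        if (tab[i].type != type) continue;
        if (tab[i].mod == mod) return 2;
        best = 1;
    }
    return best;
}

/* Index of the first offered pair that passes a type-only check but has no
 * exact entry (assumed to be the "a second time" condition), or -1. */
int state_error_index(const struct pair *tab, size_t n, const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i + 1 < len; i += 2)   /* a trailing odd byte is ignored */
        if (lookup(tab, n, buf[i], buf[i + 1]) == 1) return (int)(i / 2);
    return -1;
}

/* Tolerant selection: skip pairs without an exact entry, take the first with one. */
int select_pair(const struct pair *tab, size_t n, const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i + 1 < len; i += 2)
        if (lookup(tab, n, buf[i], buf[i + 1]) == 2) return (int)(i / 2);
    return -1;
}

int main(void)
{
    printf("old: error at %d, tolerant pick %d\n", state_error_index(old_client, 4, offer, sizeof offer), select_pair(old_client, 4, offer, sizeof offer));
    printf("new: error at %d, tolerant pick %d\n", state_error_index(new_client, 3, offer, sizeof offer), select_pair(new_client, 3, offer, sizeof offer));
    return 0;
}
```

With the constructed offer, the old table trips on the first pair while a tolerant scan would still settle on plain KERBEROS_V5 CLIENT|MUTUAL instead of falling back to NULL.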