[1905] in Kerberos-V5-bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Krb5 beta5 defect report

daemon@ATHENA.MIT.EDU (Sean Mullan)
Thu May 2 15:31:41 1996

To: krb5-bugs@MIT.EDU
Cc: mullan_s@apollo.hp.com (Sean Mullan), champine@apollo.hp.com
Date: Thu, 02 May 1996 15:30:38 -0400
From: Sean Mullan <mullan_s@apollo.hp.com>

Problem:
An AS request to get a TGT using timestamps preauthentication
(KRB5_PADATA_ENC_UNIX_TIME) will fail if the salt associated
with the principal's account is not the default.

Suggested Fix:
The KDC should return the actual salt in the error packet 
extensible data field (e-data) of the AS response. The client
should then retry the AS request by constructing a new
DES key (and new padata) with the salt returned in the error packet.

Diffs:
Not trivial, will provide if requested.

************************************************************
Sean Mullan                    Phone: (508) 436-4129
Hewlett-Packard Co.         Internet: mullan_s@apollo.hp.com
300 Apollo Drive                 Fax: (508) 436-5140
Chelmsford, MA 01824
************************************************************


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1905] in Kerberos-V5-bugs

Krb5 beta5 defect report

daemon@ATHENA.MIT.EDU (Sean Mullan)Thu May 2 15:31:41 1996

daemon@ATHENA.MIT.EDU (Sean Mullan)
Thu May 2 15:31:41 1996