[2474] in Kerberos-V5-bugs
pending/206: Cross-realm Forward Tickets
daemon@ATHENA.MIT.EDU (Doug Engert)
Tue Nov 19 14:17:47 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, Doug Engert <DEEngert@anl.gov>
Date: Tue, 19 Nov 1996 13:14:18 -0600
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
>Number: 206
>Category: pending
>Synopsis: Cross-realm Forward Tickets
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Nov 19 14:15:01 EST 1996
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Synopsis:
Unable to forward a ticket across realms.
Description:
The src/lib/krb5/krb/fwd_tgt.c routine works correctly when used
within a single realm, but fails when used between realms.
It should be requesting a TGT for the client from the client's realm.
This then allows a client such as klogin to forward a TGT for the
user to a foreign realm, as if the user had logged in and
entered "kinit user@local.realm".
Fix:
*** ,fwd_tgt.c Sun Apr 28 09:22:54 1996
--- fwd_tgt.c Mon Nov 18 19:28:59 1996
***************
*** 77,84 ****
goto errout;
if ((retval = krb5_build_principal_ext(context, &creds.server,
! server->realm.length,
! server->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
client->realm.length,
--- 77,84 ----
goto errout;
if ((retval = krb5_build_principal_ext(context, &creds.server,
! client->realm.length,
! client->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
client->realm.length,
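Review bot: The krb5_build_principal_ext call at line 77 needs a comment, because after this change it passes client->realm.length and client->realm.data for the realm and then client->realm.length again for the component after KRB5_TGS_NAME. Without a comment, that repetition reads like a copy-and-paste slip. A short comment above the call should say that the forwarded TGT is deliberately requested from the client's own realm, as the description explains, and not from the realm of the server being contacted. The server's realm no longer appears in the visible arguments, so it is also worth confirming that the rest of the routine, which this hunk does not show, does not still assume creds.server lives in server's realm. The report says the routine works within a single realm, and there the two realms are equal so the call is unchanged; a note on how the cross-realm case was exercised would help whoever picks this up.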
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444 <New Area Code 8/3/96>
PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F