[2573] in Kerberos-V5-bugs


krb5-libs/290: fwd_tgt_creds fails when doing cross-realm

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Dec 10 14:03:31 1996

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, kenh@cmf.nrl.navy.mil
Date: Tue, 10 Dec 1996 14:02:00 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU


>Number:         290
>Category:       krb5-libs
>Synopsis:       krb5_fwd_tgt_creds fails when forwarding tickets to a machine in another realm
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Tue Dec 10 14:03:01 EST 1996
>Last-Modified:
>Originator:     Ken Hornstein
>Organization:
Naval Research Lab
>Release:        1.0-development
>Environment:
    	
System: SunOS elvis 4.1.3_U1 13 sun4m
Architecture: sun4

>Description:
	
(Forgive me if this was posted before).

When you use Kerberos telnet/rlogin to connect to a machine in a foreign
realm, krb5_fwd_tgt_creds tries to forward the following ticket:

krbtgt/LOCALREALM@FOREIGNREALM

This fails miserably, because for cross-cell, you're supposed to be using
krbtgt/FOREIGNREALM@LOCALREALM.

However, forwarding the cross-cell ticket doesn't seem to make sense at all,
because it seems to me you really want to forward the TGT from your realm
(an authentication path may not exist in the reverse direction, but since
you're already authenticated to a machine in a local realm, there is already
a valid authentication path).  I think this code should really be changed to
use your regular TGT.

>How-To-Repeat:
	
Try to forward a TGT to a machine in another realm.
>Fix:
	
This makes fwd_tgt use the same name for both the realm and the instance of
the TGT.

--- lib/krb5/krb/fwd_tgt.c.orig	Tue Dec 10 13:42:41 1996
+++ lib/krb5/krb/fwd_tgt.c	Tue Dec 10 13:47:00 1996
@@ -77,8 +77,8 @@
 	goto errout;
     
     if ((retval = krb5_build_principal_ext(context, &creds.server,
-					   server->realm.length,
-					   server->realm.data,
+					   client->realm.length,
+					   client->realm.data,
 					   KRB5_TGS_NAME_SIZE,
 					   KRB5_TGS_NAME,
 					   client->realm.length,
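Review bot: the hunk leaves no comment explaining why the client realm now supplies both the realm and the instance of the TGT principal passed to krb5_build_principal_ext; add one above the call, e.g. `/* forward the user's own TGT (krbtgt/CLIENTREALM@CLIENTREALM), not a cross-realm one */`, since the replaced lines built krbtgt/CLIENTREALM@SERVERREALM and a later reader will not know which was intended. Two consequences of the visible change are worth stating in the resolution: when client->realm and server->realm are equal the resulting principal is identical to the old one, so the same-realm path is unaffected; when they differ, what is now forwarded is the user's home-realm TGT, which delegates the user's full home-realm identity to a host in the foreign realm rather than only a ticket scoped to that realm, so the change in what the remote host receives should be called out, not just the lookup failure it fixes.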
>Audit-Trail:
>Unformatted:
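The naming point in the report above, as an added example that is not part of the bug report or of MIT krb5 itself: a cross-realm TGT that a client in LOCALREALM obtains to reach FOREIGNREALM is krbtgt/FOREIGNREALM@LOCALREALM (issued by the local KDC), so a lookup for krbtgt/LOCALREALM@FOREIGNREALM can never succeed. The model below encodes the pre-patch and patched selection of the ticket to forward and checks each against a constructed credential cache. The realm names, the host name foreign.example, the cache contents and every function name are constructed for illustration, not taken from the page.

```python
# Added example: models which TGT fwd_tgt.c selects for a cross-realm target.
# Not MIT krb5 code; realm names, host names and cache contents are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """A Kerberos principal: name components joined by '/', then '@' and the realm."""
    components: tuple
    realm: str

    def __str__(self):
        return "/".join(self.components) + "@" + self.realm


def parse_principal(text):
    """Parse 'primary/instance@REALM'. Constructed input only: no backslash escaping."""
    name, sep, realm = text.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("expected name@REALM, got %r" % text)
    return Principal(tuple(name.split("/")), realm)


def tgt_principal(instance_realm, issuing_realm):
    """krbtgt/<instance_realm>@<issuing_realm>: a TGT issued by issuing_realm's KDC
    that the holder presents to the TGS of instance_realm."""
    return Principal(("krbtgt", instance_realm), issuing_realm)


def cross_realm_tgt(client, server):
    """The ticket a client in client.realm obtains to reach server.realm:
    krbtgt/FOREIGNREALM@LOCALREALM, issued by the client's own KDC."""
    return tgt_principal(server.realm, client.realm)


def buggy_forward_choice(client, server):
    """Pre-patch fwd_tgt.c: server realm as the realm, client realm as the instance.
    For a cross-realm target this is krbtgt/LOCALREALM@FOREIGNREALM, never held."""
    return tgt_principal(client.realm, server.realm)


def fixed_forward_choice(client, server):
    """Patched fwd_tgt.c: client realm for both parts, i.e. the user's home-realm TGT."""
    return tgt_principal(client.realm, client.realm)


def find_cred(cache, wanted):
    """Look up a service principal in a credential cache (list of principal strings)."""
    return str(wanted) in cache


def forwarding_outcomes(client_text, server_text, cache):
    """For each selection strategy, return (chosen principal, whether the cache holds it)."""
    client = parse_principal(client_text)
    server = parse_principal(server_text)
    choices = {
        "buggy": buggy_forward_choice(client, server),
        "fixed": fixed_forward_choice(client, server),
        "cross_realm": cross_realm_tgt(client, server),
    }
    return {k: (str(p), find_cred(cache, p)) for k, p in choices.items()}


# Constructed credential cache for a user in LOCALREALM who has just
# authenticated (telnet/rlogin) to a host in FOREIGNREALM.
CONSTRUCTED_CACHE = [
    "krbtgt/LOCALREALM@LOCALREALM",       # initial TGT from kinit
    "krbtgt/FOREIGNREALM@LOCALREALM",     # cross-realm TGT from the local KDC
    "host/foreign.example@FOREIGNREALM",  # service ticket for the remote host
]

if __name__ == "__main__":
    outcomes = forwarding_outcomes(
        "user@LOCALREALM", "host/foreign.example@FOREIGNREALM", CONSTRUCTED_CACHE)
    for strategy, (name, held) in outcomes.items():
        print("%-12s %-34s %s" % (strategy, name, "in cache" if held else "NOT in cache"))
```

Running it shows the pre-patch choice absent from the cache while both the home TGT and the cross-realm TGT are present; with a same-realm target the buggy and fixed selections coincide, which is why the bug only surfaces across realms.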
