[3066] in Kerberos-V5-bugs
Re: krb5-libs/710: Multi-realm bug in lib/krb4/decomp_tkt.c
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Apr 8 13:46:14 1999
Date: Thu, 8 Apr 1999 13:46:06 -0400 (EDT)
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: krb5-bugs@MIT.EDU, bbense@stanford.edu
Cc: krb5-unassigned@RT-11.MIT.EDU, gnats-admin@RT-11.MIT.EDU,
    krb5-prs@RT-11.MIT.EDU
In-Reply-To: bbense@stanford.edu's message of Thu, 8 Apr 1999 12:52:02 -0400,
    <199904081652.MAA08444@rt-11.MIT.EDU>

   Date: Thu, 8 Apr 1999 09:51:40 -0700 (PDT)
   From: bbense@stanford.edu

   >Description:
   A library compiled on one realm will not work on another realm
   if the realm field is missing from the ticket.
   >How-To-Repeat:
   Build a kadmind to serve one realm with libkrb4 compiled with
   a different default realm.

So exactly when does this happen?? I assume this is with a V4 kadmind,
but it doesn't seem to refer to the default realm unless it can't find
the local realm, and I can't see how that would cause the client realm
to be NULL in the ticket in any case.

That code was there only for backwards compatibility with very old
Kerberos V4 servers that didn't fill in the client realm in the ticket,
and that shouldn't apply to any modern systems.

- Ted