[3090] in Kerberos-V5-bugs
krb5-clients/731: krb5-clients : error with kinit (AIX/DCE)
daemon@ATHENA.MIT.EDU (patton@cacr.caltech.edu)
Tue Jun 29 15:39:11 1999
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, patton@cacr.caltech.edu
Message-Id: <199906291938.MAA19166@bitty.cacr.caltech.edu>
Date: Tue, 29 Jun 1999 12:38:38 -0700 (PDT)
From: patton@cacr.caltech.edu
Reply-To: patton@cacr.caltech.edu
To: krb5-bugs@MIT.EDU
Cc: patton@cacr.caltech.edu
>Number: 731
>Category: krb5-clients
>Synopsis: kinit gets ASN.1 missing field when using a DCE security server
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jun 29 15:39:01 EDT 1999
>Last-Modified:
>Originator: James Patton
>Organization:
Caltech
>Release: krb5-1.0.6
>Environment:
IBM 7015-R24, AIX 4.2.1, IBM C compiler 3.1.3.8
System: AIX bitty 2 4 000027948200
>Description:
kinit fails with the following error message:
kinit: ASN.1 structure is missing a required field while getting
initial credentials
I'm using a DCE security server as the KDC. It is the IBM
DCE package "dce.security.rte" at level 2.1.0.24
(based on DCE 1.1)
Under the debugger, I found that the area creating the error is:
asn1_decode_kdc_rep() line 498 in "asn1_k_decode.c"
decode_krb5_as_rep(), line 311 in "krb5_decode.c"
send_as_request(), line 154 in "get_in_tkt.c"
krb5_get_in_tkt(), line 452 in "get_in_tkt.c"
krb5_get_in_tkt_with_password(), line 123 in "in_tkt_pwd.c"
main(), line 335 in "kinit.c"
The command is:
get_field(val->enc_part,6,asn1_decode_encrypted_data);
There appears to be no tag number 6 in the returned packet.
(The tag number after reading tag 5 is 2147483647)
I've tried building previous versions of Kerberos, including
1.0.5. None of these produce this error, and I am able to acquire
tickets. (I haven't been able to use these earlier versions because
of other problems I'm having with them.)
Here is the /etc/krb5.conf file I'm using:
[libdefaults]
ticket_lifetime = 600
default_realm = cacr.caltech.edu
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
kdc_req_checksum_type = 2
ap_req_checksum_type = 2
safe_checksum_type = 3
ccache_type = 2
[realms]
cacr.caltech.edu = {
kdc = hpssctrl.cacr.caltech.edu:88
admin_server = hpssctrl.cacr.caltech.edu:88
default_domain = cacr.caltech.edu
}
[domain_realm]
cacr.caltech.edu = cacr.caltech.edu
>How-To-Repeat:
Execute kinit
>Fix:
>Audit-Trail:
>Unformatted:
