[3377] in Kerberos-V5-bugs
krb5-clients/1146: string2key gets wrong salt with Heimdal KDC and converted AFS accounts
daemon@ATHENA.MIT.EDU (Wolfgang.Friebel@cern.ch)
Fri Aug 9 11:33:21 2002
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@mit.edu, Wolfgang.Friebel@cern.ch
Message-Id: <20020809153143.E18541817@pcitdis18.cern.ch>
From: Wolfgang.Friebel@cern.ch
Reply-To: Wolfgang.Friebel@cern.ch
To: krb5-bugs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Fri, 9 Aug 2002 17:31:43 +0200 (CEST)
>Number: 1146
>Category: krb5-clients
>Synopsis: string2key gets wrong salt with Heimdal KDC and converted AFS accounts
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Aug 9 11:32:01 EDT 2002
>Last-Modified:
>Originator: Wolfgang FRIEBEL
>Organization:
CERN
>Release: krb5-1.2.5
>Environment:
System: Linux pcitdis18 2.4.9-31.1.cern #1 Thu Apr 4 22:42:20 CEST 2002 i686 unknown
Architecture: i686
Client (kinit) running against Heimdal KDC (0.4e) on Solaris
>Description:
A Kerberos4 database was converted with Heimdal tools to K5 and is running with a Heimdal KDC.
Authentication with Heimdal clients is ok, authentication with MIT clients does not work for
the AFS salted entries. New entries and entries that got new enctypes through a password change
do work. Debugging showed that in string2key the salt->data string had a '@' character appended.
By removing the trailing character the MIT client works as well.
>How-To-Repeat:
see description
>Fix:
The following context diff solved the problem, but this is only a workaround. I do not actually
know whether the bug is in the MIT client code or in the Heimdal server code.
*** krb5-1.2.5/src/lib/crypto/des/string2key.c Fri Sep 24 23:17:09 1999
--- krb5-1.2.5/src/lib/crypto/des/string2key.c.new Fri Aug 9 16:48:39 2002
***************
*** 99,104 ****
--- 99,107 ----
if (salt) {
if (salt->length == -1) {
/* cheat and do AFS string2key instead */
+ char *c;
+ c=strchr(salt->data, '@');
+ if ( c >= 0 ) *c = '\0';
return mit_afs_string_to_key (keyblock, data, salt);
} else
length = data->length + salt->length;
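Review bot: The test "if ( c >= 0 )" on the added line is always true for a pointer, so when salt->data contains no '@' strchr returns NULL and "*c = '\0'" writes through a null pointer; compare against NULL instead ("if (c != NULL)"). strchr also cuts the salt at the first '@', while the description speaks of a trailing '@', so strrchr plus a check that the match is the last character would follow the stated intent more closely. The write modifies the caller's salt buffer in place and depends on salt->data being NUL-terminated, which nothing in the visible salt->length == -1 branch establishes; a short comment stating that assumption, or trimming a local copy, would make the workaround safer to carry.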
>Audit-Trail:
>Unformatted: