[3560] in Kerberos-V5-bugs
[krbdev.mit.edu #1230] Confirmed broken but test tools all seem to indicate it should work
daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Sun Oct 27 17:55:33 2002
Message-Id: <rt-1230-3234.14.9225340967946@krbdev.mit.edu>
In-Reply-To: <rt-1230@krbdev.mit.edu>
From: "Sam Hartman via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Sun, 27 Oct 2002 17:52:20 -0500 (EST)
I tried the test again with a setup where I controlled all the KDCs
involved. I still get denied by KDC policy.
However,
hartmans@tir-na-nogth:kdc(1512)> ./rtest "" SUCHDAMAGE.ORG FOO.SUCHDAMAGE.ORG ATHENA.MIT.EDU
SUCHDAMAGE.ORG
hartmans@tir-na-nogth:krb(1514)> ./t_expand -v FOO.SUCHDAMAGE.ORG ATHENA.MIT.EDU SUCHDAMAGE.ORG
krb5_check_transited_list(trans="SUCHDAMAGE.ORG", crealm="FOO.SUCHDAMAGE.ORG", srealm="ATHENA.MIT.EDU")
tgs list = {
'krbtgt/FOO.SUCHDAMAGE.ORG@FOO.SUCHDAMAGE.ORG'
'krbtgt/SUCHDAMAGE.ORG@FOO.SUCHDAMAGE.ORG'
'krbtgt/ORG@SUCHDAMAGE.ORG'
'krbtgt/EDU@ORG'
'krbtgt/MIT.EDU@EDU'
'krbtgt/ATHENA.MIT.EDU@MIT.EDU'
}
client realm: FOO.SUCHDAMAGE.ORG
server realm: ATHENA.MIT.EDU
transit enc.: SUCHDAMAGE.ORG
.. checking 'SUCHDAMAGE.ORG'
YES
And looking at the KDC code in do_tgs_req.c I do not see obvious problems.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
