[839] in Kerberos-V5-bugs
Re: patch level 0 -> patch level 2 breakage
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Sat Oct 8 01:08:45 1994
Date: Sat, 8 Oct 1994 01:08:41 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: *Hobbit* <hobbit@asylum.sf.ca.us>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: hobbit@asylum.sf.ca.us's message of Fri, 7 Oct 1994 23:51:19 -0400,
<199410080351.XAA21135@asylum.sf.ca.us>
Date: Fri, 7 Oct 1994 23:51:19 -0400
From: *Hobbit* <hobbit@asylum.sf.ca.us>
src/admin/create/kdb5_create.c contains somewhere in add_principal() ...
entry.mkvno = 0; /* patch level 0 */
or
entry.mkvno = 1; /* patch level 2 */
Guess what? This seems to break v4 backward compatibility; a v4 kinit
hands me "incorrect master key version (kerberos)". Like it should really
care. Dumping the database, munging all the mkvnos to 0 [and maybe
the entry kvnos as well, now I can't FUCKING REPRODUCE IT] and
reloading it allowed me, at least once, to get tickets I added with
"av4k".
This problem is fixed in patch level 3. The problem was that the V4
compatibility code wasn't properly initializing the master key version
number to be checking against it in the KDC. When the mkvno was 0, it
just worked by serendipity.....
I suggest you get patch level 3 and see if some of your problems go
away. There were quite a few bug fixes made in pl3.
- Ted
