[1538] in Kerberos_V5_Development
Re: additional bugs for Beta 7
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Aug 12 12:04:29 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: krbcore@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 12 Aug 1996 12:04:11 -0400
In-Reply-To: "Barry Jaspan"'s message of Mon, 12 Aug 96 10:08:16 -0400
>>>>> "Barry" == "Barry Jaspan" <bjaspan@MIT.EDU> writes:
Barry> * Somehow the kdb code in kdb_dbe_find_enctype to deal
Barry> with making sure DES-MD5 == DES-CRC == DES-RAW got mangled.
Barry> I got some supported enctype errors I don't think I should
Barry> have gotten, but I need to play around with it some. (I
Barry> use a few DES3 keys in this database, so it's mildly
Barry> confusing.)
Barry> I think that code is a botch by design and should be fixed;
Barry> otherwise, we'll have the same problem when we introduce
Barry> new 3DES enctypes with a different checksum scheme. I
Barry> talked to Ted about this a while ago, and I think I put
Barry> some notes on it in my kdb.tex documentation (which maybe I
Barry> never mvoed into the krbdev locker...)
I've been lax on reading your docs; I'll try to catch up on
reading fairly soon. I certainly agree with you that this code is
broken is broken by design, but think patching it for Beta7 well
enough to work with the single-DES datatypes is reasonable. Marc had
some good ideas for how to deal with this long term; I'll try to dig
them up, although I suspect they were mostly fleshed out in a
discussion I had with him in his car.
Barry> * Several of the GSSAPI applications (ftp, gss-client)
Barry> are not displaying usefulKerberos error messages for me,
Barry> but instead are display "unknown code krb5xxx".
Barry> The krb5 gss_init_sec_context() should call
Barry> krb5_init_ets(). It is isn't, that should be easy to fix.
Probably also in accept_sec_context.
--Sam
