[6338] in Athena Bugs
Kerberos Generic error, RT 7.1H
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Mon Nov 5 06:15:31 1990
Date: Mon, 5 Nov 90 06:14:51 -0500
From: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
To: Saltzer@mit.edu
Cc: bugs@ATHENA.MIT.EDU, jtkohl@ATHENA.MIT.EDU, jon@ATHENA.MIT.EDU
In-Reply-To: bugs[6311]
Date: Wed, 31 Oct 90 22:57:38 EST
From: Jerome H Saltzer <Saltzer@mit.edu>
Sender: <Saltzer@mit.edu>
Repository: PTT
Originating-Client: laptop
16> telnet ne43-513-2
MIT Project Athena (NE43-513-2)
login: Saltzer
password:
Kerberos: Generic Error: get_intkt
login:
The simple answer is, "This means you typed your password wrong."
The question which naturally leads from that answer is, "So, why
didn't it say "password incorrect" instead of "Generic Error:
get_intkt?"
The code that decides whether or not the tgt from the server was
decrypted properly is a little bit flakey; in the past, we've had
problems with login coredumping because it decided that an incorrect
password was correct and then went on to try to use the bogus
information in the badly-decrypted tgt.
To solve that problem, the code that decides if the packet was
decrypted was enhanced to do a bit more checking. However, it is
possible for the tgt to get past the "first level" of checking, i.e.
the level that would return password incorrect, and get to the second
level, before the library realizes anything is wrong. If that
happens, generic error is returned instead of password incorrect.
This isn't likely to get fixed, considering that Kerberos V4 is frozen
and we're devoting most (if not all) of our effort to V5, and besides,
it's not a serious bug at all.
Jonathan Kamens
Project Athena Quality Assurance
