[686] in Athena Bugs
[tjcoppet@ATHENA.MIT.EDU: passing null tickets to krb_rd_req() (6.0C)]
daemon@ATHENA.MIT.EDU (Henry Mensch)
Mon Aug 29 15:21:09 1988
Date: Mon, 29 Aug 88 15:20:39 EDT
From: henry@GARP.MIT.EDU (Henry Mensch)
To: bugs@ATHENA.MIT.EDU
Cc: tjcoppet@ATHENA.MIT.EDU
Reply-To: henry@GARP.MIT.EDU
since tom didn't forward this through the regular channels, i will.
-- h
----
REFERENCE:
To: bug-kerberos@ATHENA.MIT.EDU
Subject: passing null tickets to krb_rd_req() (6.0C)
Date: Mon, 29 Aug 88 07:05:51 EDT
From: Tom Coppeto <tjcoppet@ATHENA.MIT.EDU>
will result in a KSUCCESS if someone on the same machine passed a valid
ticket to the same service within that ticket's lifetime. The cause is
probably the static declarations of KTEXT - the decryption routines do not
trap a null ticket and return success, so the previous ticket is used. (a
small hole here). Some existing services, like rpc.mountd, are expecting
the Kerberos library to handle null cases.
- Tom
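
Added example, not part of the original report and not Kerberos library code: a simplified C model of the failure mode the report hypothesizes (a working copy kept in static storage, so a null ticket is judged on the previous caller's data), next to a version that rejects null input first. All names (model_ktext, model_rd_req_flawed, model_rd_req_checked, make_ticket) and the "TKT:" validity rule are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#define MODEL_OK      0   /* stands in for KSUCCESS */
#define MODEL_BAD_TKT 1   /* hypothetical error code */
#define MAX_TKT       64

/* Hypothetical stand-in for the library's KTEXT structure. */
struct model_ktext { int length; unsigned char dat[MAX_TKT]; };

/* Constructed stand-in for decryption: "valid" means a "TKT:" prefix. */
static int ticket_ok(const unsigned char *p, int len) {
    return len >= 4 && memcmp(p, "TKT:", 4) == 0;
}

/* Flawed: the working copy is static and is only overwritten when the
 * caller supplies data, so a null ticket is judged on stale contents. */
int model_rd_req_flawed(const struct model_ktext *in) {
    static struct model_ktext work;          /* survives across calls */
    if (in != NULL && in->length > 0 && in->length <= MAX_TKT) {
        work.length = in->length;
        memcpy(work.dat, in->dat, (size_t)in->length);
    }
    return ticket_ok(work.dat, work.length) ? MODEL_OK : MODEL_BAD_TKT;
}

/* Checked: reject null, empty or oversized input before any state is
 * consulted, and validate the caller's own bytes only. */
int model_rd_req_checked(const struct model_ktext *in) {
    if (in == NULL || in->length <= 0 || in->length > MAX_TKT)
        return MODEL_BAD_TKT;
    return ticket_ok(in->dat, in->length) ? MODEL_OK : MODEL_BAD_TKT;
}

/* Build a constructed sample ticket from a string (truncated to fit). */
struct model_ktext make_ticket(const char *s) {
    struct model_ktext t = {0};
    size_t n = strlen(s);
    if (n > MAX_TKT) n = MAX_TKT;
    memcpy(t.dat, s, n);
    t.length = (int)n;
    return t;
}

int main(void) {
    struct model_ktext good = make_ticket("TKT:alice"), none = make_ticket("");
    model_rd_req_flawed(&good);              /* first caller, valid ticket */
    /* second caller, null ticket: flawed accepts it, checked rejects it */
    return !(model_rd_req_flawed(&none) == MODEL_OK && model_rd_req_checked(&none) == MODEL_BAD_TKT);
}
```

A service that cannot rely on its library for this can apply the same null and length test to the ticket before calling the verification routine.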