[9246] in Athena Bugs
decmips 7.3P: kinit (kerberos server bug)
daemon@ATHENA.MIT.EDU (mhpower@Athena.MIT.EDU)
Wed Apr 29 16:37:55 1992
From: mhpower@Athena.MIT.EDU
To: bugs@Athena.MIT.EDU
Cc: dkk@Athena.MIT.EDU
In-Reply-To: [7373] in Athena Bugs
Date: Wed, 29 Apr 92 16:37:35 EDT
System name: podge
Type and version: KN01 7.3P (3 update(s) to same version)
Display type: PMAX-MFB
What were you trying to do?
Obtain Kerberos tickets with different lifetimes.
% kinit -l sipb0
MIT Athena (podge)
Kerberos Initialization for "sipb0"
Kerberos ticket lifetime (minutes): 639
Password:
% klist
Ticket file: /tmp/foo1
Principal: sipb0@ATHENA.MIT.EDU
  Issued           Expires          Principal
Apr 29 15:51:36  Apr 30 02:26:36  krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
% kinit -l sipb0
MIT Athena (podge)
Kerberos Initialization for "sipb0"
Kerberos ticket lifetime (minutes): 640
Password:
% klist
Ticket file: /tmp/foo1
Principal: sipb0@ATHENA.MIT.EDU
  Issued           Expires          Principal
Apr 29 15:51:50  Apr 30 13:06:50  krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
What's wrong:
It's not possible to obtain ticket lifetimes greater than 639
minutes, but less than 1275 minutes. The kinit man page says:
    -l   kinit prompts you for a ticket lifetime in minutes. Due to
         protocol restrictions in Kerberos Version 4, this value must be
         between 5 and 1275 minutes.
Although the library casts the lifetime to a char (where it should
really be unsigned char):
krb_get_in_tkt.c:
    *(pkt->dat+(pkt->length)++) = (char) life;
I believe the real problem is in the server, which casts a char to an
unsigned long. Because of this, it acts as if the requested lifetime
was about 4 billion 5-minute intervals, and ends up setting the ticket
lifetime to 1275 minutes.
kerberos.c:
    char *ptr;
    ...
    req_life = (u_long) (*ptr++);
    ...
    lifetime = min(req_life, ((u_long) s_name_data.max_life));
    lifetime = min(lifetime, ((u_long) a_name_data.max_life));
What should have happened:
The server should extract the unsigned lifetime value from the
packet.
Please describe any relevant documentation references:
kinit(1)
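
The sign extension described in the report above, as an added example that is not part of the original message or the Kerberos source. It assumes the packet byte is read as a signed char, a max_life of 255 units for both principals, and truncating division from minutes to 5-minute units (consistent with the 639-minute request yielding a 635-minute ticket); all function names are hypothetical.

```c
#include <stdio.h>

/* Assumed max_life for both principals: 255 units = 1275 minutes. */
#define MAX_LIFE 255UL

static unsigned long min_ul(unsigned long a, unsigned long b)
{
    return a < b ? a : b;
}

/* Client side: one packet byte holds the lifetime in 5-minute units
 * (truncating division is an assumption that matches the transcript). */
static unsigned char pack_life(int minutes)
{
    return (unsigned char)(minutes / 5);
}

/* Server side as reported: the byte is read through a signed char, so
 * values >= 0x80 sign-extend to a huge unsigned long before the min(). */
unsigned long buggy_grant(int minutes)
{
    unsigned char pkt = pack_life(minutes);
    const signed char *ptr = (const signed char *)&pkt;
    unsigned long req_life = (unsigned long)(*ptr);
    return min_ul(req_life, MAX_LIFE) * 5;
}

/* Corrected read: take the byte as unsigned before widening. */
unsigned long fixed_grant(int minutes)
{
    unsigned char pkt = pack_life(minutes);
    const unsigned char *ptr = &pkt;
    unsigned long req_life = (unsigned long)(*ptr);
    return min_ul(req_life, MAX_LIFE) * 5;
}

int main(void)
{
    /* Constructed sample requests, in minutes. */
    int requests[] = { 5, 639, 640, 1000, 1275 };
    size_t i;

    for (i = 0; i < sizeof requests / sizeof requests[0]; i++)
        printf("asked %4d  buggy %4lu  fixed %4lu\n", requests[i],
               buggy_grant(requests[i]), fixed_grant(requests[i]));
    return 0;
}
```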