[krbdev.mit.edu #5438] broken referrals logic for single component principals

The RT System itself via RT rt-comment at krbdev.mit.edu
Mon Feb 12 14:57:01 EST 2007


To: krb5-bugs at mit.edu
Subject: referrals logic in client does not handle single component principals
From: cg2v at COPPERWALL.andrew.cmu.edu
X-send-pr-version: 3.99
Message-Id: <20070212165210.1F8FC2F9BD at COPPERWALL.andrew.cmu.edu>
Date: Fri,  9 Feb 2007 16:25:44 -0500 (EST)


>Submitter-Id:	net
>Originator:	Chaskiel Grundman <cg2v at andrew.cmu.edu>
>Organization:
	Carnegie Mellon University
>Confidential:	no
>Synopsis:	broken referrals logic for single component principals
>Severity:	non-critical
>Priority:	medium
>Category:	krb5-libs
>Class:		sw-bug
>Release:	1.6
>Environment:
System: Linux copperwall.andrew.cmu.edu 2.6.17-1.2157_FC5smp #1 SMP Tue Jul 11 23:24:16 EDT 2006 i686 i686 i386 GNU/Linux
Architecture: i686

>Description:
When a client application asks for a referral for a single-component principal
name, krb5_get_credentials asks the kdc for a referral. This seems
bad, as there is no way for anyone to know what realm is actually relevant to
the client's request.
>How-To-Repeat:
1) authenticate as a principal in a realm with a single component service
principal (say afs; e.g. ANDREW.CMU.EDU, CS.CMU.EDU, DEMENTIA.ORG)
2) kvno afs@
3) at least with heimdal kdc's, this succeeds and puts an afs@ ticket
in the cred cache.
>Fix:




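The case this report describes, sketched as an added example that is not part of the original report and is not MIT krb5 code: a principal name with an empty realm (such as `afs@`) and only one component gives nothing to map to a realm. All identifiers and the sample name `host/www.example.test@` are hypothetical, and treating that case as a distinct outcome is an assumption, since the report's Fix field is empty.

```c
#include <stdio.h>

/* Hypothetical names throughout; this is not MIT krb5 code. */
enum target { REALM_KNOWN, REQUEST_REFERRAL, REFERRAL_AMBIGUOUS };

struct princ_shape {
    int ncomponents;   /* '/'-separated components in the name part */
    int empty_realm;   /* 1 when an unescaped '@' is followed by nothing */
};

/* Split "comp/comp@REALM", treating backslash-escaped characters as literal. */
static struct princ_shape parse_princ(const char *name)
{
    struct princ_shape s = { 1, 0 };
    const char *realm = NULL;

    for (const char *p = name; *p != '\0'; p++) {
        if (*p == '\\' && p[1] != '\0')
            p++;                          /* skip the escaped character */
        else if (*p == '@' && realm == NULL)
            realm = p + 1;                /* realm starts after first '@' */
        else if (*p == '/' && realm == NULL)
            s.ncomponents++;
    }
    s.empty_realm = (realm != NULL && *realm == '\0');
    return s;
}

/* Assumed policy: an empty realm is only resolvable by referral when the
 * name has a second component (such as a hostname) to map to a realm. */
static enum target classify_target(const char *name)
{
    struct princ_shape s = parse_princ(name);

    if (!s.empty_realm)
        return REALM_KNOWN;               /* explicit realm, or none given */
    return s.ncomponents >= 2 ? REQUEST_REFERRAL : REFERRAL_AMBIGUOUS;
}

int main(void)
{
    /* Constructed inputs; host/www.example.test is not from the report. */
    const char *samples[] = { "afs@", "afs@ANDREW.CMU.EDU",
                              "host/www.example.test@", "a\\/b@" };
    for (int i = 0; i < 4; i++)
        printf("%-24s -> %d\n", samples[i], classify_target(samples[i]));
    return 0;
}
```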