From rt-comment at krbdev.mit.edu Wed Nov 4 11:34:20 2009 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Wed, 4 Nov 2009 16:34:20 +0000 (UTC) Subject: [krbdev.mit.edu #6573] Fix preauth looping in krb5_get_init_creds In-Reply-To: Message-ID: Index: get_in_tkt.c =================================================================== --- get_in_tkt.c (revision 22396) +++ get_in_tkt.c (working copy) @@ -1331,8 +1331,7 @@ &out_padata, &retry); if (ret !=0) goto cleanup; - if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED ||err_reply->error == KDC_ERR_PREAUTH_FAILED) -&& retry) { + if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED && retry) { /* reset the list of preauth types to try */ if (preauth_to_use) { krb5_free_pa_data(context, preauth_to_use); From rt-comment at krbdev.mit.edu Mon Nov 9 01:13:35 2009 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 9 Nov 2009 06:13:35 +0000 (UTC) Subject: [krbdev.mit.edu #6579] SVN Commit In-Reply-To: Message-ID: Quoting problems in pattern matching on the OS name cause Solaris versions up through 9 to not be properly recognized in the thread-system configuration setup. This causes our libraries to make the erroneous assumption that valid thread support routines are available on all Solaris systems, rather than just assuming it for Solaris 10 and later. The result is assertion failures like this one reported by Meraj Mohammed and others: Assertion failed: k5int_i->did_run != 0, file krb5_libinit.c, line 63 Thanks to Tom Shaw for noticing the cause of the problem. The bug may be present in the 1.6.x series as well. http://src.mit.edu/fisheye/changelog/krb5/?cs=23144 Commit By: raeburn Revision: 23144 Changed Files: U trunk/src/aclocal.m4 From rt-comment at krbdev.mit.edu Mon Nov 9 11:56:02 2009 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 9 Nov 2009 16:56:02 +0000 (UTC) Subject: [krbdev.mit.edu #6579] SVN Commit In-Reply-To: Message-ID: Revise patch to avoid using changequote. http://src.mit.edu/fisheye/changelog/krb5/?cs=23145 Commit By: raeburn Revision: 23145 Changed Files: U trunk/src/aclocal.m4 From rt-comment at krbdev.mit.edu Thu Nov 12 14:21:27 2009 From: rt-comment at krbdev.mit.edu (Kevin Wang via RT) Date: Thu, 12 Nov 2009 19:21:27 +0000 (UTC) Subject: [krbdev.mit.edu #5497] sendauth rejected, error reply is: " Wrong principal in request" In-Reply-To: Message-ID: Dear friends: I also found the problem while doing the experiment of krb5. All is well until I run the client to connect to the server. This is the command of server: ./sserver -p 8899 -s sample -S /etc/krb5.keytab. After that it waited for the connection. And this is command of client:./sclient kerberos.example.com 8899 sample. When done,it shows the following: connected, sendauth rejected, error reply is: " Wrong principal in request" I googled it, then found this page: http://mailman.mit.edu/pipermail/krb5-bugs/2007-March/005505.html but with no solutions. Hope to get a solution. Looking forward to your reply. Thank you.[?] The following is the evironment. Maybe it will help. The version of kerberos I use for experiment is krb5-1.6.3 in the form of tar.gz package. I did this under Fedora 9(i386) ver: 9(Sulphur) kernel:Linux 2.6.25-14.fc9.i686 GNOME 2.22.1 kadmin.local: add_policy -maxlife 180days -minlife 2days -minlength 8 -minclasses 3 -history 10 default [root at localhost sbin]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: test1/kerberos.example.com at EXAMPLE.COM Valid starting Expires Service principal 11/12/09 20:34:58 11/13/09 20:34:58 krbtgt/EXAMPLE.COM at EXAMPLE.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached kadmin: listprincs K/M at EXAMPLE.COM admin/admin at EXAMPLE.COM kadmin/admin at EXAMPLE.COM kadmin/changepw at EXAMPLE.COM kadmin/history at EXAMPLE.COM kadmin/localhost.localdomain at EXAMPLE.COM krbtgt/EXAMPLE.COM at EXAMPLE.COM sample/kerberos.example.com at EXAMPLE.COM test1/kerberos.example.com at EXAMPLE.COM test2/kerberos.example.com at EXAMPLE.COM From rt-comment at krbdev.mit.edu Fri Nov 13 23:46:31 2009 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Sat, 14 Nov 2009 04:46:31 +0000 (UTC) Subject: [krbdev.mit.edu #6580] SVN Commit In-Reply-To: Message-ID: Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. http://src.mit.edu/fisheye/changelog/krb5/?cs=23160 Commit By: ghudson Revision: 23160 Changed Files: U trunk/src/include/k5-int.h U trunk/src/include/krb5/krb5.hin U trunk/src/kdc/do_tgs_req.c U trunk/src/kdc/kdc_authdata.c U trunk/src/lib/krb5/asn.1/asn1_k_decode.c U trunk/src/lib/krb5/asn.1/asn1_k_decode.h U trunk/src/lib/krb5/asn.1/asn1_k_encode.c U trunk/src/lib/krb5/asn.1/krb5_decode.c U trunk/src/lib/krb5/krb/copy_auth.c U trunk/src/lib/krb5/krb/kfree.c U trunk/src/lib/krb5/libkrb5.exports U trunk/src/plugins/authdata/greet_server/greet_auth.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif U trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c U trunk/src/tests/asn.1/krb5_decode_leak.c U trunk/src/tests/asn.1/krb5_decode_test.c U trunk/src/tests/asn.1/krb5_encode_test.c U trunk/src/tests/asn.1/ktest.c U trunk/src/tests/asn.1/ktest.h U trunk/src/tests/asn.1/ktest_equal.c U trunk/src/tests/asn.1/ktest_equal.h U trunk/src/tests/asn.1/reference_encode.out U trunk/src/tests/asn.1/trval_reference.out From rt-comment at krbdev.mit.edu Thu Nov 19 17:17:04 2009 From: rt-comment at krbdev.mit.edu (nicholas lee via RT) Date: Thu, 19 Nov 2009 22:17:04 +0000 (UTC) Subject: [krbdev.mit.edu #6581] [Kinit Fail]unable to contact any kdc In-Reply-To: Message-ID: to ALL: In my network, I have several machins. One of them(IP: 1.1.1.1) fail to use kinit with the following err: --------------------------------------------------------------------------------------------------------------------------- kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials --------------------------------------------------------------------------------------------------------------------------- (P.S. the other machines in my network works perfect with the same config files) While, on the other hand, I search my kdc log and find the following: --------------------------------------------------------------------------------------------------------------------------- Nov 17 21:34:55 krb.mst.org krb5kdc[13475]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 1.1.1.1: ISSUE: authtime 1258464895, etypes {rep=16 tkt=16 ses=16}, kaka at REALM.COM for krbtgt/REALM.COM @REALM.COM Nov 17 21:34:55 krb.mst.org krb5kdc[13475]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 1.1.1.1: ISSUE: authtime 1258464895, etypes {rep=16 tkt=16 ses=16}, kaka at REALM.COM for krbtgt/REALM.COM @REALM.COM Nov 17 21:34:56 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response Nov 17 21:35:13 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response Nov 17 21:35:17 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response Nov 17 21:35:25 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response Nov 17 21:35:29 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response Nov 17 21:35:29 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response Nov 17 21:35:30 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response Nov 17 21:35:30 krb.mst.org krb5kdc[13475]: DISPATCH: repeated (retransmitted?) request from 1.1.1.1, resending previous response --------------------------------------------------------------------------------------------------------------------------- My kerberos version : ---------------------------------------- $ rpm -qa|grep krb krbafs-devel-1.2.2-6 krb5-workstation-1.3.4-27 krb5-devel-1.3.4-27 krb5-libs-1.3.4-27 krbafs-1.2.2-6 pam_krb5-2.1.8-1 ---------------------------------------- Has anyone met the above wired thing and can share his/her solution ? -- I come from the past to save the future........ From rt-comment at krbdev.mit.edu Fri Nov 20 23:50:56 2009 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Sat, 21 Nov 2009 04:50:56 +0000 (UTC) Subject: [krbdev.mit.edu #6582] SVN Commit In-Reply-To: Message-ID: Fix minor memory leak introduced by the ipropd integration. http://src.mit.edu/fisheye/changelog/krb5/?cs=23296 Commit By: epeisach Revision: 23296 Changed Files: U trunk/src/lib/kadm5/clnt/client_init.c From rt-comment at krbdev.mit.edu Sun Nov 22 09:58:55 2009 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Sun, 22 Nov 2009 14:58:55 +0000 (UTC) Subject: [krbdev.mit.edu #6583] SVN Commit In-Reply-To: Message-ID: Remove libpty, gssftp, telnet, and the bsd applications from the source tree, build system, and tests. Docs still need to be updated to remove mentions of the applications. The build system should be simplified now that we're down to one configure script and don't need some of the functionality currently in aclocal.m4. http://src.mit.edu/fisheye/changelog/krb5/?cs=23305 Commit By: ghudson Revision: 23305 Changed Files: U trunk/src/appl/Makefile.in D trunk/src/appl/bsd/ D trunk/src/appl/gssftp/ D trunk/src/appl/libpty/ D trunk/src/appl/telnet/ U trunk/src/configure.in D trunk/src/tests/dejagnu/krb-root/ D trunk/src/tests/dejagnu/krb-standalone/gssftp.exp D trunk/src/tests/dejagnu/krb-standalone/rcp.exp D trunk/src/tests/dejagnu/krb-standalone/rsh.exp From rt-comment at krbdev.mit.edu Sun Nov 22 12:00:46 2009 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Sun, 22 Nov 2009 17:00:46 +0000 (UTC) Subject: [krbdev.mit.edu #6583] SVN Commit In-Reply-To: Message-ID: Remove functions from aclocal.m4 which are no longer needed now that the applications are unbundled. http://src.mit.edu/fisheye/changelog/krb5/?cs=23306 Commit By: ghudson Revision: 23306 Changed Files: U trunk/src/aclocal.m4 From rt-comment at krbdev.mit.edu Sun Nov 22 13:13:31 2009 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Sun, 22 Nov 2009 18:13:31 +0000 (UTC) Subject: [krbdev.mit.edu #6583] SVN Commit In-Reply-To: Message-ID: Consolidate Makefile variables now that we have only a single global configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) http://src.mit.edu/fisheye/changelog/krb5/?cs=23308 Commit By: ghudson Revision: 23308 Changed Files: U trunk/src/Makefile.in U trunk/src/appl/Makefile.in U trunk/src/appl/gss-sample/Makefile.in U trunk/src/appl/gss-sample/deps U trunk/src/appl/sample/Makefile.in U trunk/src/appl/sample/sclient/Makefile.in U trunk/src/appl/sample/sserver/Makefile.in U trunk/src/appl/simple/Makefile.in U trunk/src/appl/simple/client/Makefile.in U trunk/src/appl/simple/server/Makefile.in U trunk/src/appl/user_user/Makefile.in U trunk/src/ccapi/Makefile.in U trunk/src/ccapi/common/Makefile.in U trunk/src/ccapi/common/unix/Makefile.in U trunk/src/ccapi/lib/Makefile.in U trunk/src/ccapi/lib/deps U trunk/src/ccapi/lib/unix/Makefile.in U trunk/src/ccapi/server/Makefile.in U trunk/src/ccapi/server/deps U trunk/src/ccapi/server/unix/Makefile.in U trunk/src/ccapi/test/Makefile.in U trunk/src/clients/Makefile.in U trunk/src/clients/kcpytkt/Makefile.in U trunk/src/clients/kdeltkt/Makefile.in U trunk/src/clients/kdestroy/Makefile.in U trunk/src/clients/kdestroy/deps U trunk/src/clients/kinit/Makefile.in U trunk/src/clients/kinit/deps U trunk/src/clients/klist/Makefile.in U trunk/src/clients/klist/deps U trunk/src/clients/kpasswd/Makefile.in U trunk/src/clients/kpasswd/deps U trunk/src/clients/ksu/Makefile.in U trunk/src/clients/ksu/deps U trunk/src/clients/kvno/Makefile.in U trunk/src/clients/kvno/deps U trunk/src/config/lib.in U trunk/src/config/libnover.in U trunk/src/config/libobj.in U trunk/src/config/post.in U trunk/src/config/pre.in U trunk/src/config/shlib.conf U trunk/src/config/win-pre.in U trunk/src/config-files/Makefile.in U trunk/src/gen-manpages/Makefile.in U trunk/src/include/Makefile.in U trunk/src/kadmin/Makefile.in U trunk/src/kadmin/cli/Makefile.in U trunk/src/kadmin/cli/deps U trunk/src/kadmin/dbutil/Makefile.in U trunk/src/kadmin/dbutil/deps U trunk/src/kadmin/kdbkeys/Makefile.in U trunk/src/kadmin/ktutil/Makefile.in U trunk/src/kadmin/ktutil/deps U trunk/src/kadmin/server/Makefile.in U trunk/src/kadmin/server/deps U trunk/src/kadmin/testing/Makefile.in U trunk/src/kadmin/testing/scripts/Makefile.in U trunk/src/kadmin/testing/util/Makefile.in U trunk/src/kadmin/testing/util/deps U trunk/src/kdc/Makefile.in U trunk/src/kdc/deps U trunk/src/lib/Makefile.in U trunk/src/lib/apputils/Makefile.in U trunk/src/lib/apputils/deps U trunk/src/lib/crypto/Makefile.in U trunk/src/lib/crypto/builtin/Makefile.in U trunk/src/lib/crypto/builtin/aes/Makefile.in U trunk/src/lib/crypto/builtin/aes/deps U trunk/src/lib/crypto/builtin/arcfour/Makefile.in U trunk/src/lib/crypto/builtin/arcfour/deps U trunk/src/lib/crypto/builtin/deps U trunk/src/lib/crypto/builtin/des/Makefile.in U trunk/src/lib/crypto/builtin/des/deps U trunk/src/lib/crypto/builtin/enc_provider/Makefile.in U trunk/src/lib/crypto/builtin/enc_provider/deps U trunk/src/lib/crypto/builtin/hash_provider/Makefile.in U trunk/src/lib/crypto/builtin/hash_provider/deps U trunk/src/lib/crypto/builtin/md4/Makefile.in U trunk/src/lib/crypto/builtin/md4/deps U trunk/src/lib/crypto/builtin/md5/Makefile.in U trunk/src/lib/crypto/builtin/md5/deps U trunk/src/lib/crypto/builtin/sha1/Makefile.in U trunk/src/lib/crypto/builtin/sha1/deps U trunk/src/lib/crypto/crypto_tests/Makefile.in U trunk/src/lib/crypto/krb/Makefile.in U trunk/src/lib/crypto/krb/crc32/Makefile.in U trunk/src/lib/crypto/krb/crc32/deps U trunk/src/lib/crypto/krb/deps U trunk/src/lib/crypto/krb/dk/Makefile.in U trunk/src/lib/crypto/krb/dk/deps U trunk/src/lib/crypto/krb/keyhash_provider/Makefile.in U trunk/src/lib/crypto/krb/keyhash_provider/deps U trunk/src/lib/crypto/krb/old/Makefile.in U trunk/src/lib/crypto/krb/old/deps U trunk/src/lib/crypto/krb/prf/Makefile.in U trunk/src/lib/crypto/krb/prf/deps U trunk/src/lib/crypto/krb/rand2key/Makefile.in U trunk/src/lib/crypto/krb/rand2key/deps U trunk/src/lib/crypto/krb/raw/Makefile.in U trunk/src/lib/crypto/krb/raw/deps U trunk/src/lib/crypto/krb/yarrow/Makefile.in U trunk/src/lib/crypto/krb/yarrow/deps U trunk/src/lib/crypto/openssl/Makefile.in U trunk/src/lib/crypto/openssl/aes/Makefile.in U trunk/src/lib/crypto/openssl/aes/deps U trunk/src/lib/crypto/openssl/arcfour/Makefile.in U trunk/src/lib/crypto/openssl/arcfour/deps U trunk/src/lib/crypto/openssl/deps U trunk/src/lib/crypto/openssl/des/Makefile.in U trunk/src/lib/crypto/openssl/des/deps U trunk/src/lib/crypto/openssl/enc_provider/Makefile.in U trunk/src/lib/crypto/openssl/enc_provider/deps U trunk/src/lib/crypto/openssl/hash_provider/Makefile.in U trunk/src/lib/crypto/openssl/hash_provider/deps U trunk/src/lib/crypto/openssl/md4/Makefile.in U trunk/src/lib/crypto/openssl/md4/deps U trunk/src/lib/crypto/openssl/md5/Makefile.in U trunk/src/lib/crypto/openssl/md5/deps U trunk/src/lib/crypto/openssl/sha1/Makefile.in U trunk/src/lib/crypto/openssl/sha1/deps U trunk/src/lib/gssapi/Makefile.in U trunk/src/lib/gssapi/generic/Makefile.in U trunk/src/lib/gssapi/generic/deps U trunk/src/lib/gssapi/krb5/Makefile.in U trunk/src/lib/gssapi/krb5/deps U trunk/src/lib/gssapi/mechglue/Makefile.in U trunk/src/lib/gssapi/mechglue/deps U trunk/src/lib/gssapi/spnego/Makefile.in U trunk/src/lib/gssapi/spnego/deps U trunk/src/lib/kadm5/Makefile.in U trunk/src/lib/kadm5/clnt/Makefile.in U trunk/src/lib/kadm5/clnt/deps U trunk/src/lib/kadm5/deps U trunk/src/lib/kadm5/srv/Makefile.in U trunk/src/lib/kadm5/srv/deps U trunk/src/lib/kadm5/unit-test/Makefile.in U trunk/src/lib/kadm5/unit-test/deps U trunk/src/lib/kdb/Makefile.in U trunk/src/lib/kdb/deps U trunk/src/lib/krb5/Makefile.in U trunk/src/lib/krb5/asn.1/Makefile.in U trunk/src/lib/krb5/asn.1/deps U trunk/src/lib/krb5/ccache/Makefile.in U trunk/src/lib/krb5/ccache/ccapi/Makefile.in U trunk/src/lib/krb5/ccache/ccapi/deps U trunk/src/lib/krb5/ccache/deps U trunk/src/lib/krb5/deps U trunk/src/lib/krb5/error_tables/Makefile.in U trunk/src/lib/krb5/keytab/Makefile.in U trunk/src/lib/krb5/keytab/deps U trunk/src/lib/krb5/krb/Makefile.in U trunk/src/lib/krb5/krb/deps U trunk/src/lib/krb5/os/Makefile.in U trunk/src/lib/krb5/os/deps U trunk/src/lib/krb5/posix/Makefile.in U trunk/src/lib/krb5/rcache/Makefile.in U trunk/src/lib/krb5/rcache/deps U trunk/src/lib/krb5/unicode/Makefile.in U trunk/src/lib/krb5/unicode/deps U trunk/src/lib/rpc/Makefile.in U trunk/src/lib/rpc/deps U trunk/src/lib/rpc/unit-test/Makefile.in U trunk/src/lib/rpc/unit-test/deps U trunk/src/plugins/authdata/greet/Makefile.in U trunk/src/plugins/authdata/greet/deps U trunk/src/plugins/authdata/greet_client/Makefile.in U trunk/src/plugins/authdata/greet_client/deps U trunk/src/plugins/authdata/greet_server/Makefile.in U trunk/src/plugins/authdata/greet_server/deps U trunk/src/plugins/kdb/db2/Makefile.in U trunk/src/plugins/kdb/db2/deps U trunk/src/plugins/kdb/db2/libdb2/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/btree/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/btree/deps U trunk/src/plugins/kdb/db2/libdb2/db/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/hash/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/mpool/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/recno/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/test/Makefile.in U trunk/src/plugins/kdb/hdb/Makefile.in U trunk/src/plugins/kdb/hdb/deps U trunk/src/plugins/kdb/ldap/Makefile.in U trunk/src/plugins/kdb/ldap/deps U trunk/src/plugins/kdb/ldap/ldap_util/Makefile.in U trunk/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in U trunk/src/plugins/kdb/ldap/libkdb_ldap/deps U trunk/src/plugins/locate/python/Makefile.in U trunk/src/plugins/locate/python/deps U trunk/src/plugins/preauth/cksum_body/Makefile.in U trunk/src/plugins/preauth/cksum_body/deps U trunk/src/plugins/preauth/encrypted_challenge/Makefile.in U trunk/src/plugins/preauth/encrypted_challenge/deps U trunk/src/plugins/preauth/pkinit/Makefile.in U trunk/src/plugins/preauth/pkinit/deps U trunk/src/plugins/preauth/wpse/Makefile.in U trunk/src/plugins/preauth/wpse/deps U trunk/src/slave/Makefile.in U trunk/src/slave/deps U trunk/src/tests/Makefile.in U trunk/src/tests/asn.1/Makefile.in U trunk/src/tests/asn.1/deps U trunk/src/tests/create/Makefile.in U trunk/src/tests/create/deps U trunk/src/tests/dejagnu/Makefile.in U trunk/src/tests/gss-threads/Makefile.in U trunk/src/tests/gss-threads/deps U trunk/src/tests/gssapi/Makefile.in U trunk/src/tests/gssapi/deps U trunk/src/tests/hammer/Makefile.in U trunk/src/tests/hammer/deps U trunk/src/tests/misc/Makefile.in U trunk/src/tests/misc/deps U trunk/src/tests/mkeystash_compat/Makefile.in U trunk/src/tests/resolve/Makefile.in U trunk/src/tests/resolve/deps U trunk/src/tests/shlib/Makefile.in U trunk/src/tests/shlib/deps U trunk/src/tests/threads/Makefile.in U trunk/src/tests/threads/deps U trunk/src/tests/verify/Makefile.in U trunk/src/tests/verify/deps U trunk/src/util/Makefile.in U trunk/src/util/collected-client-lib/Makefile.in U trunk/src/util/depfix.pl U trunk/src/util/et/Makefile.in U trunk/src/util/et/deps U trunk/src/util/profile/Makefile.in U trunk/src/util/profile/deps U trunk/src/util/send-pr/Makefile.in U trunk/src/util/ss/Makefile.in U trunk/src/util/ss/deps U trunk/src/util/support/Makefile.in U trunk/src/util/support/deps U trunk/src/windows/kfwlogon/Makefile.in U trunk/src/windows/ms2mit/Makefile.in From rt-comment at krbdev.mit.edu Sun Nov 22 13:20:37 2009 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Sun, 22 Nov 2009 18:20:37 +0000 (UTC) Subject: [krbdev.mit.edu #6583] SVN Commit In-Reply-To: Message-ID: Update the build system documentation: * The test suite no longer requires root. * appl no longer contains what it used to contain. * Mention --disable-rpath as an alternative for make check. http://src.mit.edu/fisheye/changelog/krb5/?cs=23309 Commit By: ghudson Revision: 23309 Changed Files: U trunk/doc/build.texinfo From rt-comment at krbdev.mit.edu Sun Nov 22 13:44:47 2009 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Sun, 22 Nov 2009 18:44:47 +0000 (UTC) Subject: [krbdev.mit.edu #6583] SVN Commit In-Reply-To: Message-ID: Remove discussion of the unbundled applications from the install guide. http://src.mit.edu/fisheye/changelog/krb5/?cs=23310 Commit By: ghudson Revision: 23310 Changed Files: U trunk/doc/install.texinfo From rt-comment at krbdev.mit.edu Sun Nov 22 16:26:48 2009 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Sun, 22 Nov 2009 21:26:48 +0000 (UTC) Subject: [krbdev.mit.edu #6584] r22778 breaks zephyr; probable incompatible In-Reply-To: Message-ID: Found with git bisect, so I haven't looked into why this is the case. However, Author: tsitkova Date: Fri Sep 18 19:10:48 2009 +0000 Use enc_provider for des hash routines. Also needed by Crypto modularity pro j. Breaks zephyr. After this commit, subscribing gets a srvnak. From rt-comment at krbdev.mit.edu Sun Nov 22 16:52:48 2009 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Sun, 22 Nov 2009 21:52:48 +0000 (UTC) Subject: [krbdev.mit.edu #6584] r22778 breaks zephyr; probable incompatible In-Reply-To: Message-ID: Sam Hartman via RT writes: > Found with git bisect, so I haven't looked into why this is the case. > However, Author: tsitkova > Date: Fri Sep 18 19:10:48 2009 +0000 > > Use enc_provider for des hash routines. Also needed by Crypto modularity pro > j. > > > Breaks zephyr. > After this commit, subscribing gets a srvnak. It looks like the raw input key is used, not the "xorkey" as before this change. From rt-comment at krbdev.mit.edu Mon Nov 23 18:10:40 2009 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Mon, 23 Nov 2009 23:10:40 +0000 (UTC) Subject: [krbdev.mit.edu #6206] SVN Commit In-Reply-To: Message-ID: Integrate Apple APIs for storing configuration parameters in a ccache. * krb5_cc_get_config: get a config parameter from a ccache * krb5_cc_set_config: set a configuration parameter in a ccache * krb5_is_config_principal: should this principal be skipped during ccache iteration * klist: skip config principals http://src.mit.edu/fisheye/changelog/krb5/?cs=23316 Commit By: hartmans Revision: 23316 Changed Files: U users/hartmans/fast-negotiate/src/clients/klist/klist.c U users/hartmans/fast-negotiate/src/include/krb5/krb5.hin U users/hartmans/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c U users/hartmans/fast-negotiate/src/lib/krb5/ccache/ccfns.c U users/hartmans/fast-negotiate/src/lib/krb5/libkrb5.exports From rt-comment at krbdev.mit.edu Mon Nov 23 19:53:36 2009 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Tue, 24 Nov 2009 00:53:36 +0000 (UTC) Subject: [krbdev.mit.edu #6585] SVN Commit In-Reply-To: Message-ID: Per the latest preauth framework spec, the working group has decided to forbid ap-request armor in the TGS request because of security problems with that armor type. This commit was tested against an implementation of FAST TGS client to confirm that if explicit armor is sent, the request is rejected. http://src.mit.edu/fisheye/changelog/krb5/?cs=23324 Commit By: hartmans Revision: 23324 Changed Files: U users/hartmans/fast-negotiate/src/kdc/fast_util.c From rt-comment at krbdev.mit.edu Mon Nov 23 20:05:31 2009 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Tue, 24 Nov 2009 01:05:31 +0000 (UTC) Subject: [krbdev.mit.edu #6585] SVN Commit In-Reply-To: Message-ID: Per the latest preauth framework spec, the working group has decided to forbid ap-request armor in the TGS request because of security problems with that armor type. This commit was tested against an implementation of FAST TGS client to confirm that if explicit armor is sent, the request is rejected. http://src.mit.edu/fisheye/changelog/krb5/?cs=23325 Commit By: hartmans Revision: 23325 Changed Files: U trunk/src/kdc/fast_util.c From rt-comment at krbdev.mit.edu Tue Nov 24 19:08:15 2009 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Wed, 25 Nov 2009 00:08:15 +0000 (UTC) Subject: [krbdev.mit.edu #6584] r22778 breaks zephyr; probable incompatible In-Reply-To: Message-ID: Sam Hartman via RT writes: > Found with git bisect, so I haven't looked into why this is the case. > However, Author: tsitkova > Date: Fri Sep 18 19:10:48 2009 +0000 > > Use enc_provider for des hash routines. Also needed by Crypto modularity pro > j. > > > Breaks zephyr. > After this commit, subscribing gets a srvnak. > > _______________________________________________ > krb5-bugs mailing list > krb5-bugs at mit.edu > https://mailman.mit.edu/mailman/listinfo/krb5-bugs Please try to verify the attached patch against zephyr. It needs a bit of cleaning up but I wanted to make sure that the "xorkey" is the issue as I believe it to be. (The OpenSSL back end needs related changes.)