[krbdev.mit.edu #6893] error codes from error responses can be discarded when there's e-data
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Apr 19 14:43:18 EDT 2011
Are you actually seeing unframed KRB-ERROR responses with e_data? If so,
from what server, and what's in the e_data?
The intention of the code is to work around the specific interoperability
bug where an AD server returns an unframed KRB-ERROR message with no
e_data, which was a specific observed behavior. If there are servers
returning unframed KRB-ERROR messages with e_data, we need to figure out
how to process it. The current code intentionally treats the packet as
garbage (because plen is wrong and the circumstances don't meet the
specific interop workaround).
More information about the krb5-bugs
mailing list