[krbdev.mit.edu #8060] kinit -C loops chasing realm referrals against MIT KDC
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Jan 20 14:24:34 EST 2015
Commit 3093b92734adfe2deb9ad6bad5a221acc967fd8b (ticket #7856) treats
PRINCIPAL_UNKNOWN errors as AS realm referrals if the client realm is
set, to work around the behavior of the Windows Server 2003 KDC.
This change introduced a looping bug against MIT KDCs, which always set
the client principal and realm in error responses, if an unknown
principal is requested. To fix this bug, the client needs to check
that the client realm is different from the requested realm before
treating the response as a realm referral.
More information about the krb5-bugs
mailing list