[krbdev.mit.edu #8982] Unable to renew ticket after CVE-2020-17049
Morten Minde Neergaard via RT
rt-comment at krbdev.mit.edu
Mon Feb 1 22:58:17 EST 2021
Mon Feb 01 22:58:16 2021: Request 8982 was acted upon.
Transaction: Ticket created by m-krb at 8d.no
Queue: krb5
Subject: Unable to renew ticket after CVE-2020-17049
Owner: Nobody
Requestors: m-krb at 8d.no
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8982 >
Hi,
after Microsoft released their fix to CVE-2020-17049 a while back, I
can't renew my tickets made against upgraded Windows servers.
The details have apparently been reported to the kerberos mailing list
earlier[0] but I'll show the symptoms:
$ kinit
Password for username at DOMAIN:
$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1116501893
Default principal: username at DOMAIN
Valid starting Expires Service principal
2021-02-01 23:57:41 2021-02-02 09:57:41 krbtgt/DOMAIN at DOMAIN
renew until 2021-02-02 23:57:37, Flags: RIA
$ kinit -R
kinit: KDC can't fulfill requested option while renewing credentials
If you need any further information, I can try to reproduce and help as
I can (although James Ralston, the author of the aforementioned email,
appears to know more about what he's talking about...)
[0]: https://mailman.mit.edu/pipermail/kerberos/2020-November/022582.html
--
Morten Minde Neergaard
More information about the krb5-bugs
mailing list