HELP!! invalid AS-REP from Linux running MIT Kerberos V5

Khosrova, Eliza Eliza.Khosrova at cda.canon.com
Tue Jul 11 16:32:44 EDT 2006


Hello,

Please help us!

We are having a problem when processing AS-REP received from our KDC in
Linux environment.

Our Linux Configuration
==================
We are running a standard Fedora 5 distribution.
The kernel version is:
Linux version 2.6.17-1.2139_FC5
(brewbuilder at hs20-bc2-4.build.redhat.com)
We are running an MIT Kerberos V5 KDC, installed using the package:
krb5-server - 1.4.3-4.1.i386.

We have a Kerberos client application that runs under Windows.  The
client application sent a valid AS-REQ to our KDC in Linux.  
The KDC successfully processed it and sent back AS-REP to our client
application.  However, when our application successfully decrypts 
The 'enc-part' field of AS-REP, it is of type EncTGSRepPart (application
26) instead of being of type EncASRepPart (application 25)
as described in section 5.4.2 of RFC 1510 http://rfc.net/rfc1510.html .
It seems like the AS-REP from our Linux is not conforming 
to RFC.

Our application currently has to work for both Windows and Linux and
when receiving AS-REP from Windows, we are getting a 
correct application type (i.e. EncASRepPart).  Could you please tell us
if you have seen this problem and if so, how to resolve it?

As a test, I changed our application to accept application 26 as valid
one for AS-REP and was able to process AS-REP completely 
and extract TGT and the key.  However, the way our application is
written, it can't accept both so we need to see why our KDC in
Linux is giving us the wrong type.
 
Thank you in advance and hope to hear from someone out there very soon!
Eliza





More information about the Kerberos mailing list