question about krb5_verify_authenticator_checksum

Jeffrey Altman jaltman2 at
Sat Mar 4 10:42:44 EST 2006

John Hascall wrote:
> Can somebody explain the what is going on with
>     "if(authenticator->cksum == NULL) return -17;"
> (see below).  I am getting this wierd error -17 out
> of NetBSD's telnetd when trying to connect with
> Hummingbird's telnet client.  Is an authenticator
> checksum optional?  Or is it truly an error?
> Thannks,
> John

Specifying a checksum is a required part of the
TELNET AUTH KRB5 option.  If the Telnet client is
not specifying one it is a protocol error at that

What the krb5_verify_authenticator_checksum() function
does is verify that the checkum in the authenticator
matches the checksum of the data you are passing into
the function as 'data' and 'len'.   If the authenticator
checksum doesn't exist you can't compare it to the input
to verify and therefore it is an error.

Jeffrey Altman

More information about the Kerberos mailing list