Raj M mohan.anon at
Mon Mar 20 21:25:51 EST 2006

 I had posted this on krb5-bugs, it looks like it was the wrong mailing
list, I apologize for the duplicate
 I was trying the preauth schemes in the MIT implementation of the protocol.
I have noticed
a problem when i try to get a initial ticket with the pre auth list as
 { ETYPE_INFO2, ENC_TIMESTAMP} ( I have removed the prefix.)
Now, when I pass this to krb5_get_init_... _password, I get a memory fault.
have traced the problem to preauth2.c file in src/lib/krb5/krb, where in the
case block for ETYPE_INFO2  I get a error return code from
decode_krb5_etype_info2, and when subsequent free is called (ignoring the
return code) it crashes.
       if (ret) {
           ret = 0; /*Ignore error and etype_info element*/
           krb5_free_etype_info( context, etype_info);   <== crash
           etype_info = NULL;

My question is how is etype_info2 preauth suppposed to be used? The reason I
want to do this,
so that I don't have to specify the encryption types for pre-auth (as the
current implementation
seems to pick the first key which is aes...).
I don't know whether it is bug or not, but wanted to see if anyone else seen
this. This is
based on 1.4.1 release (although I have checked the 1.4.3 release and the
affected files do not
seem to have changed).


More information about the Kerberos mailing list