password incorrect but it's not, works fine with Solaris + MIT?
Jeff Blaine
jblaine at kickflop.net
Tue Dec 11 23:55:54 EST 2007
Marcus Watts wrote:
> I was hoping you would try different salt types on the principal itself
> (while leaving the enctype as des-cbc-crc). Still, you appear to have
> 2 of 3 necessary conditions to manifest the bug described here:
> http://mailman.mit.edu/pipermail/krb5-bugs/2006-February/004246.html
> in which case, this patch applied to the kdc may fix it:
> http://www.umich.edu/~mdw/krb5143-kdcetype.diff
>
> I don't think you ever said what version of kerberos you had installed
> on your server, so I don't know how much trouble you'll have patching that.
> This patch was developed against MIT 1.4.3, but substantially the same
> code (and presumably the same behavior) was still there as of 1.6.1.
Indeed, it still seems to be a problem. We're running 1.6.3.
I'll check out the patch and see where that gets me. Thanks!
More information about the Kerberos
mailing list