krb524d and KRB524_KRB4_DISABLED

Jeffrey Altman jaltman at
Wed Oct 17 12:47:56 EDT 2007

John Hascall wrote:
> I tried it, and alas, it appears that (at least some old) clients die
> ugly when they get a krb5_error_code that they do not know:
> ...

> This kinit was compiled against krb5-1.2.6 which seems to know only
> codes -1750206208 .. -1750206201 and not -1750206200[KRB524_KRB4_DISABLED]
That implies a bug in com_err() at least in 1.2.6 in which an error code
within a base range but beyond the length of the table will cause a
memory access error.  Reading the code it looks like this shouldn't
happen with the 1-6 branch.  However, I don't see a commit message with
a specific fix for this so you might want to make up an error code and
throw it at a 1.6 client just to make sure.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the Kerberos mailing list