From jsyed at houston.sns.slb.com Mon Aug 5 23:03:29 2002 From: jsyed at houston.sns.slb.com (Jameel Syed) Date: Mon, 05 Aug 2002 22:03:29 -0500 Subject: pending/1145: krb5_rd_req failed error: URGENT Help needed Message-ID: <5.0.0.25.2.20020805220227.026b2fe0@pop.houston.sns.slb.com> >Number: 1145 >Category: pending >Synopsis: krb5_rd_req failed error: URGENT Help needed >Confidential: yes >Severity: serious >Priority: medium >Responsible: gnats-admin >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Mon Aug 5 23:23:00 EDT 2002 >Last-Modified: >Originator: >Organization: >Release: >Environment: >Description: >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: --Boundary_(ID_KF9eACilZkvY7qfSknp9ag) Content-type: text/plain; charset=iso-8859-1; format=flowed Content-transfer-encoding: quoted-printable Hi all, I have installed KDC on a linux , i686 machine. I am using KTelnet as my telnet client to connect to the telnet server present on the same machine from a Win2000 system. The KDC is MIT KDC 1.2.5 version downloaded from the mit web site..and the telnet deamon is the one supplied with it. Everything goes on fine..the KTelnet client gets the TGT and also service ticket..but the telnet deamon....gives me the following error.....It will be great if you'll help me resolve this issue...... Its very urgent and improtant for me to resolve it ASAP... Your help would be greatly appreciated. Thanks, Jameel. ERROR: [ TerminalId: ] [ Trying mutual KERBEROS5 ] [ Sent Kerberos V5 credentials to server ] =F0[ Kerberos V5 didn't accept you ] [ Reason: telnetd: krb5_rd_req failed: No such f ile or directory ] [ Trying mutual KERBEROS5 ] [ Sent Kerberos V5 credentials to server ] =F0[ Kerberos V5 didn't accept you ] [ Reason: telnetd: krb5_rd_req failed: No such f ile or directory ] [ Trying KERBEROS5 ] [ Sent Kerberos V5 credentials to server ] =F0[ Kerberos V5 didn't accept you ] [ Reason: telnetd: krb5_rd_req failed: No such file or directory ] telnetd: Authorization failed. [ Connection closed ] Schlumberger = Jameel=20 Syed Schlumberger Network Solutions 5599 Sanfelipe Suite 1040 Houston, TX-77056. Office: 713-513-3256 --Boundary_(ID_KF9eACilZkvY7qfSknp9ag) Content-type: text/html; charset=iso-8859-1 Content-transfer-encoding: quoted-printable Hi all,

    I have installed KDC on a linux , i686 machine. I am using KTelnet
as my telnet client to connect to the telnet server present on the same
machine from a Win2000 system.

   The KDC is MIT KDC 1.2.5 version downloaded from the mit web
site..and the telnet deamon is the one supplied with it.

   Everything goes on fine..the KTelnet client gets the TGT and also
service ticket..but the telnet deamon....gives me the following
error.....It will be great if you'll help me resolve this issue......


Its very urgent and improtant for me to resolve it ASAP...

Your help would be greatly appreciated.
Thanks,
Jameel.

ERROR:


[ TerminalId: <xterm> ]
[ Trying mutual KERBEROS5 ]
[ Sent Kerberos V5 credentials to server ]
=F0[ Kerberos V5 didn't accept you ]
[ Reason: telnetd: krb5_rd_req failed: No such f
ile or directory ]
[ Trying mutual KERBEROS5 ]
[ Sent Kerberos V5 credentials to server ]
=F0[ Kerberos V5 didn't accept you ]
[ Reason: telnetd: krb5_rd_req failed: No such f
ile or directory ]
[ Trying KERBEROS5 ]
[ Sent Kerberos V5 credentials to server ]
=F0[ Kerberos V5 didn't accept you ]
[ Reason: telnetd: krb5_rd_req failed: No such file or directory ]
telnetd: Authorization failed.

[ Connection closed ]

Schlumberger             &nb= sp;         &nbs= p;          = ;          =

   &= nbsp;         &n= bsp;         &nb= sp;                 &n= bsp;         &nb= sp;         &nbs= p;          = ;                Jameel Syed

Schlumberger Network Solutions
5599 Sanfelipe
Suite 1040
Houston, TX-77056.
Office: 713-513-3256
--Boundary_(ID_KF9eACilZkvY7qfSknp9ag)-- From Wolfgang.Friebel at cern.ch Fri Aug 9 11:31:43 2002 From: Wolfgang.Friebel at cern.ch (Wolfgang.Friebel@cern.ch) Date: Fri, 9 Aug 2002 17:31:43 +0200 (CEST) Subject: krb5-clients/1146: string2key gets wrong salt with Heimdal KDC and converted AFS accounts Message-ID: <20020809153143.E18541817@pcitdis18.cern.ch> >Number: 1146 >Category: krb5-clients >Synopsis: string2key gets wrong salt with Heimdal KDC and converted AFS accounts >Confidential: no >Severity: serious >Priority: medium >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Fri Aug 9 11:32:01 EDT 2002 >Last-Modified: >Originator: Wolfgang FRIEBEL >Organization: CERN >Release: krb5-1.2.5 >Environment: System: Linux pcitdis18 2.4.9-31.1.cern #1 Thu Apr 4 22:42:20 CEST 2002 i686 unknown Architecture: i686 Client (kinit) running against Heimdal KDC (0.4e) on Solaris >Description: A Kerberos4 database was converted with Heimdal tools to K5 and is running with a Heimdal KDC Authentication with Heimdal Clients is ok, authentication with MIT clients does not work for the AFS salted entries. New entries and entries that got new enctypes trough a password change do work. Debugging showed that in string2key the salt->data string had a '@' character appended. By removing the trailing character the MIT client works as well. >How-To-Repeat: see description >Fix: The following context diff solved the problem, but this is only a workaround. I do actually not know whether the bug is in the MIT client code or in the Heimdal server code. *** krb5-1.2.5/src/lib/crypto/des/string2key.c Fri Sep 24 23:17:09 1999 --- krb5-1.2.5/src/lib/crypto/des/string2key.c.new Fri Aug 9 16:48:39 2002 *************** *** 99,104 **** --- 99,107 ---- if (salt) { if (salt->length == -1) { /* cheat and do AFS string2key instead */ + char *c; + c=strchr(salt->data, '@'); + if ( c >= 0 ) *c = '\0'; return mit_afs_string_to_key (keyblock, data, salt); } else length = data->length + salt->length; >Audit-Trail: >Unformatted: From tlyu at MIT.EDU Fri Aug 16 17:00:27 2002 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 16 Aug 2002 17:00:27 -0400 (EDT) Subject: krb5-kdc/1149: KDC client lockout for DISALLOW_ALL_TIX or expiration Message-ID: <200208162100.RAA29599@saint-elmos-fire.mit.edu> >Number: 1149 >Category: krb5-kdc >Synopsis: KDC client lockout for DISALLOW_ALL_TIX or expiration >Confidential: no >Severity: serious >Priority: medium >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Fri Aug 16 17:01:00 EDT 2002 >Last-Modified: >Originator: Tom Yu >Organization: mit >Release: 1.2.6 >Environment: System: SunOS saint-elmos-fire.mit.edu 5.8 Generic_108528-13 sun4u sparc SUNW,Ultra-5_10 Architecture: sun4 >Description: The KDC doesn't check the client principal for DISALLOW_ALL_TIX or for expiration. This happens while handling krb5 TGS_REQ or krb4 APPL_REQ, or when converting a krb5 ticket to krb4. >How-To-Repeat: >Fix: Code needs to be written to check for the local realm in the client principal, and to do the lookup and flag/expiration check. >Audit-Trail: >Unformatted: From rt-comment at KRBDEV.MIT.EDU Mon Aug 19 18:47:14 2002 From: rt-comment at KRBDEV.MIT.EDU (Enoch Root via RT) Date: Mon, 19 Aug 2002 18:47:14 -0400 (EDT) Subject: [krbdev.mit.edu #1153] CVS Commit In-Reply-To: Message-ID: Close out test ticket From rt-comment at krbdev.mit.edu Mon Aug 19 18:53:15 2002 From: rt-comment at krbdev.mit.edu ( via RT) Date: Mon, 19 Aug 2002 18:53:15 -0400 (EDT) Subject: [krbdev.mit.edu #1154] Open new ticket In-Reply-To: Message-ID: This ticket is being opened to confirm that inital mail for new tickets works correctly. From rt-comment at krbdev.mit.edu Tue Aug 20 15:00:39 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Tue, 20 Aug 2002 15:00:39 -0400 (EDT) Subject: [krbdev.mit.edu #1155] In-Reply-To: Message-ID: From rt-comment at KRBDEV.MIT.EDU Tue Aug 20 17:25:01 2002 From: rt-comment at KRBDEV.MIT.EDU ( via RT) Date: Tue, 20 Aug 2002 17:25:01 -0400 (EDT) Subject: [krbdev.mit.edu #1156] krb5 should be able to use a separate com_err In-Reply-To: Message-ID: We would like to be able to specify in configure the ability to use a com_err library and compile_et binary in a specific location rather than building com_err in the tree. KfM needs this because it uses its own com_err which supports Mac OS X's string localization mechanism rather than hard-coded strings. From rt-comment at KRBDEV.MIT.EDU Tue Aug 20 17:40:33 2002 From: rt-comment at KRBDEV.MIT.EDU ( via RT) Date: Tue, 20 Aug 2002 17:40:33 -0400 (EDT) Subject: [krbdev.mit.edu #1157] KfM needs to build krb5 clients and libraries separately In-Reply-To: Message-ID: KfM needs the krb5 build system to be able to build the libraries and clients in separate passes. We build all our libraries static and then merge them into a framework. Because we build krb5 libraries which depend on symbols in the rest of KfM (such as the CredentialsCache library), these static libraries have undefined symbols in them. As a result, clients can't link until the framework is created. We realize that linking some clients (such as kadmin) against the framework may require exporting of private interfaces. We have been told that private APIs can be exported from libraries as long as their prototypes do not appear in the framework headers. We just need a way to build the libraries, build the framework and then build the clients. From rt-comment at KRBDEV.MIT.EDU Tue Aug 20 20:08:54 2002 From: rt-comment at KRBDEV.MIT.EDU (Sam Hartman via RT) Date: Tue, 20 Aug 2002 20:08:54 -0400 (EDT) Subject: [krbdev.mit.edu #781] default_com_err_proc possible overflow In-Reply-To: Message-ID: Yes, it does appear that this would have been an overflow, but it is fixed in current sources so I'm closing out this bug. Thanks for the report. From rt-comment at KRBDEV.MIT.EDU Tue Aug 20 20:13:45 2002 From: rt-comment at KRBDEV.MIT.EDU (Sam Hartman via RT) Date: Tue, 20 Aug 2002 20:13:45 -0400 (EDT) Subject: [krbdev.mit.edu #641] Telnet rejects v5 authentication In-Reply-To: Message-ID: This is the standard Athena has a keytab we don't and some people get the wrong krb5.conf problem From rt-comment at KRBDEV.MIT.EDU Tue Aug 20 20:19:50 2002 From: rt-comment at KRBDEV.MIT.EDU (Sam Hartman via RT) Date: Tue, 20 Aug 2002 20:19:50 -0400 (EDT) Subject: [krbdev.mit.edu #650] When using telnetd -a off, Kerberos V5 requires that In-Reply-To: Message-ID: login.krb5 does in fact require a Kerberos password on systems that it cannot read the password file for. From rt-comment at KRBDEV.MIT.EDU Tue Aug 20 20:27:22 2002 From: rt-comment at KRBDEV.MIT.EDU (Sam Hartman via RT) Date: Tue, 20 Aug 2002 20:27:22 -0400 (EDT) Subject: [krbdev.mit.edu #303] System crash with login.krb5 In-Reply-To: Message-ID: Login.krb5 no longer crashes AIX. From rt-comment at KRBDEV.MIT.EDU Wed Aug 21 12:17:57 2002 From: rt-comment at KRBDEV.MIT.EDU ( via RT) Date: Wed, 21 Aug 2002 12:17:57 -0400 (EDT) Subject: [krbdev.mit.edu #1129] 1.2.5 lack of libresolv with --disable-dns-for-kdc In-Reply-To: Message-ID: Hi, I've just tried compilinig krb5 1.2.5 (and the 1.2.6 beta) with the option --disable-dns-for-kdc without any problem in linking krb524d. You should also have problems linking krb5kdc, kadmind, etc. In my builds, the function "daemon" is added to the krb5 library in the lib/krb5/posix directory. Can you do the following: a) In the lib directory of your build execute: nm libkrb5.a | grep daemon You should see a line indicating that daemon is a global function. b) If daemon is not present in the library, we need to figure out why. -- look in config.cache in the top level directory - does the line: ac_cv_func_daemon=${ac_cv_func_daemon='no'} appear? Could you send me a copy of the file lib/krb5/config.log? c) If daemon is present in libkrb5.a, could you send me the link line as output by make in the krb524d directory? Mine looks like: cc -L../lib -o krb524d krb524d.o -lkadm5srv -lkdb5 ../lib/libdb.a -lgssrpc -ldyn -lgssapi_krb5 libkrb524.a -lkrb4 -lkrb5 -ldes425 -lk5crypto -lcom_err -lgen -lsocket -lnsl Thanks Ezra From rt-comment at krbdev.mit.edu Wed Aug 21 16:29:35 2002 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Wed, 21 Aug 2002 16:29:35 -0400 (EDT) Subject: [krbdev.mit.edu #1158] [Patrick Sodre ] Bug#157736: krb5-kdc: Typo at kdc.conf man page In-Reply-To: Message-ID: Return-Path: Received: from solipsist-nation ([unix socket]) by solipsist-nation (Cyrus v2.1.5-Debian2.1.5-1) with LMTP; Wed, 21 Aug 2002 07:48:23 -0400 X-Sieve: CMU Sieve 2.2 Return-Path: Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by suchdamage.org (Postfix) with ESMTP id 5146F131AA for ; Wed, 21 Aug 2002 07:48:20 -0400 (EDT) Received: from master.debian.org (master.debian.org [65.125.64.135]) by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id HAA02452 for ; Wed, 21 Aug 2002 07:48:19 -0400 (EDT) Received: from debbugs by master.debian.org with local (Exim 3.12 1 (Debian)) id 17hTy6-0003EP-00; Wed, 21 Aug 2002 06:48:10 -0500 X-Loop: owner at bugs.debian.org Subject: Bug#157736: krb5-kdc: Typo at kdc.conf man page Reply-To: Patrick Sodre , 157736-maintonly at bugs.debian.org Resent-From: Patrick Sodre Resent-To: Sam Hartman , krb5 at packages.qa.debian.org Resent-Date: Wed, 21 Aug 2002 11:48:07 GMT Resent-Message-ID: X-Debian-PR-Message: report 157736 X-Debian-PR-Package: krb5-kdc Received: via spool by maintonly at bugs.debian.org id=M.10299297599141 (code M ref -1); Wed, 21 Aug 2002 11:48:07 GMT From: Patrick Sodre To: Debian Bug Tracking System X-Mailer: reportbug 1.50 Date: Wed, 21 Aug 2002 07:35:57 -0400 Message-Id: <20020821113557.26FB31B307 at greed.sodre.cx> Delivered-To: maintonly at bugs.debian.org Resent-Sender: Debian BTS X-Spam-Status: No, hits=-4.5 required=5.0 tests=SENT_BY_BTS,FORGED_RCVD_FOUND version=2.20 X-Spam-Level: MIME-Version: 1.0 Package: krb5-kdc Version: 1.2.4-5woody1 Severity: minor At the man page for kdc.conf. Section FILES... it "points" to /usr/local/lib/krb5kdc/kdc.conf instead of /etc/krb5kdc/kdc.conf. -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux greed 2.4.18-greed #1 SMP Mon Aug 19 20:13:12 EDT 2002 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages krb5-kdc depends on: ii debconf 1.0.32 Debian configuration management sy ii e2fsprogs 1.27-2 The EXT2 file system utilities and ii e2fsprogs [libcomerr2] 1.27-2 The EXT2 file system utilities and ii krb5-user 1.2.4-5woody1 Basic programs to authenticate usi ii libc6 2.2.5-11.1 GNU C Library: Shared libraries an pn libcomerr2 Not found. ii libkadm55 1.2.4-5woody1 MIT Kerberos administration runtim ii libkrb53 1.2.4-5woody1 MIT Kerberos runtime libraries From rt-comment at KRBDEV.MIT.EDU Wed Aug 21 16:31:06 2002 From: rt-comment at KRBDEV.MIT.EDU (Sam Hartman via RT) Date: Wed, 21 Aug 2002 16:31:06 -0400 (EDT) Subject: [krbdev.mit.edu #1158] [Patrick Sodre ] Bug#157736: krb5-kdc: Typo at kdc.conf man page In-Reply-To: Message-ID: From rt-comment at krbdev.mit.edu Wed Aug 21 16:33:41 2002 From: rt-comment at krbdev.mit.edu ( via RT) Date: Wed, 21 Aug 2002 16:33:41 -0400 (EDT) Subject: [krbdev.mit.edu #1158] [Patrick Sodre ] Bug#157736: krb5-kdc: Typo at kdc.conf man page In-Reply-To: Message-ID: From daniel at unity.ncsu.edu Thu Aug 22 09:58:48 2002 From: daniel at unity.ncsu.edu (Daniel Henninger) Date: Thu, 22 Aug 2002 09:58:48 -0400 (EDT) Subject: [krbdev.mit.edu #1129] 1.2.5 lack of libresolv with --disable-dns-for-kdc In-Reply-To: Message-ID: Hrm, I don't even remember submitting this. I also don't recall ever using the --disable-dns-for-kdc flag. How long ago did I submit this report and is there any chance I could see it again so I can figure out what the situation might have been? Daniel > Hi, > > I've just tried compilinig krb5 1.2.5 (and the 1.2.6 beta) with the > option --disable-dns-for-kdc without any problem in linking krb524d. > You should also have problems linking krb5kdc, kadmind, etc. > > In my builds, the function "daemon" is added to the krb5 library in the > lib/krb5/posix directory. > > Can you do the following: > > a) In the lib directory of your build execute: > > nm libkrb5.a | grep daemon > > You should see a line indicating that daemon is a global function. > > b) If daemon is not present in the library, we need to figure out why. > -- look in config.cache in the top level directory - does the line: > ac_cv_func_daemon=${ac_cv_func_daemon='no'} > appear? > > Could you send me a copy of the file lib/krb5/config.log? > > c) If daemon is present in libkrb5.a, could you send me the link line as > output by make in the krb524d > directory? > > Mine looks like: > cc -L../lib -o krb524d krb524d.o -lkadm5srv -lkdb5 ../lib/libdb.a > -lgssrpc -ldyn -lgssapi_krb5 libkrb524.a -lkrb4 -lkrb5 -ldes425 > -lk5crypto -lcom_err -lgen -lsocket -lnsl > > Thanks > > Ezra > -- /\\\----------------------------------------------------------------------///\ \ \\\ Daniel Henninger http://www.vorpalcloud.org/ /// / \_\\\ North Carolina State University - Systems Programmer ///_/ \\\ Information Technology /// """--------------------------------------------------------------""" From rt-comment at krbdev.mit.edu Thu Aug 22 09:58:56 2002 From: rt-comment at krbdev.mit.edu (daniel@ncsu.edu via RT) Date: Thu, 22 Aug 2002 09:58:56 -0400 (EDT) Subject: [krbdev.mit.edu #1129] 1.2.5 lack of libresolv with --disable-dns-for-kdc In-Reply-To: Message-ID: Hrm, I don't even remember submitting this. I also don't recall ever using the --disable-dns-for-kdc flag. How long ago did I submit this report and is there any chance I could see it again so I can figure out what the situation might have been? Daniel > Hi, > > I've just tried compilinig krb5 1.2.5 (and the 1.2.6 beta) with the > option --disable-dns-for-kdc without any problem in linking krb524d. > You should also have problems linking krb5kdc, kadmind, etc. > > In my builds, the function "daemon" is added to the krb5 library in the > lib/krb5/posix directory. > > Can you do the following: > > a) In the lib directory of your build execute: > > nm libkrb5.a | grep daemon > > You should see a line indicating that daemon is a global function. > > b) If daemon is not present in the library, we need to figure out why. > -- look in config.cache in the top level directory - does the line: > ac_cv_func_daemon=${ac_cv_func_daemon='no'} > appear? > > Could you send me a copy of the file lib/krb5/config.log? > > c) If daemon is present in libkrb5.a, could you send me the link line as > output by make in the krb524d > directory? > > Mine looks like: > cc -L../lib -o krb524d krb524d.o -lkadm5srv -lkdb5 ../lib/libdb.a > -lgssrpc -ldyn -lgssapi_krb5 libkrb524.a -lkrb4 -lkrb5 -ldes425 > -lk5crypto -lcom_err -lgen -lsocket -lnsl > > Thanks > > Ezra > -- /\\\----------------------------------------------------------------------///\ \ \\\ Daniel Henninger http://www.vorpalcloud.org/ /// / \_\\\ North Carolina State University - Systems Programmer ///_/ \\\ Information Technology /// """--------------------------------------------------------------""" From rt-comment at krbdev.mit.edu Thu Aug 22 17:46:38 2002 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Thu, 22 Aug 2002 17:46:38 -0400 (EDT) Subject: [krbdev.mit.edu #1129]looking up problem report In-Reply-To: Message-ID: Go to http://krbdev.mit.edu/rt/; log in a guest with password of guest. Then select go to ticket 1129. From rt-comment at krbdev.mit.edu Sun Aug 25 23:39:07 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Sun, 25 Aug 2002 23:39:07 -0400 (EDT) Subject: [krbdev.mit.edu #1159] util/db2/Makefile fails In-Reply-To: Message-ID: From rt-comment at krbdev.mit.edu Mon Aug 26 13:32:09 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Mon, 26 Aug 2002 13:32:09 -0400 (EDT) Subject: [krbdev.mit.edu #1161] In-Reply-To: Message-ID: From rt-comment at krbdev.mit.edu Mon Aug 26 13:32:08 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Mon, 26 Aug 2002 13:32:08 -0400 (EDT) Subject: [krbdev.mit.edu #1160] In-Reply-To: Message-ID: From rt-comment at krbdev.mit.edu Mon Aug 26 14:25:37 2002 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Mon, 26 Aug 2002 14:25:37 -0400 (EDT) Subject: [krbdev.mit.edu #1160] Kerberos requires non-loopback networking In-Reply-To: Message-ID: Hi. Unfortunately the Kerberos KDCs and servers require non-loopback addresses to function properly. This constraint comes from the protocol specification not from our implementation, so the code is correct as implemented. From rt-comment at krbdev.mit.edu Mon Aug 26 15:18:05 2002 From: rt-comment at krbdev.mit.edu (rbell@alumni.caltech.edu via RT) Date: Mon, 26 Aug 2002 15:18:05 -0400 (EDT) Subject: [krbdev.mit.edu #1160] Kerberos requires non-loopback networking In-Reply-To: Message-ID: 'Hi. Unfortunately the Kerberos KDCs and servers require non-loopback addresses to function properly.' 'This constraint comes from the protocol specification not from our implementation, so the code is correct as implemented.' If I comment out the two bits of code that causes Kerberos to ignore the loopback interface it works fine for me. I got all my testing done at home and am ready to install it for the Committee. I wanted to know how IFF_LOOPBACK stays set no matter what I do to unset it. I don't see it set anywhere in the code. russell bell From rt-comment at krbdev.mit.edu Mon Aug 26 15:27:31 2002 From: rt-comment at krbdev.mit.edu (Sam Hartman via RT) Date: Mon, 26 Aug 2002 15:27:31 -0400 (EDT) Subject: [krbdev.mit.edu #1160] Kerberos requires non-loopback networking In-Reply-To: Message-ID: the IF_LOOPBACK definition is a interface flag defined by system header files. The code checks to see if it is defined to see whether testing against that flag will produce a compiler error. From rt-comment at krbdev.mit.edu Tue Aug 27 18:28:45 2002 From: rt-comment at krbdev.mit.edu (zacheiss@MIT.EDU via RT) Date: Tue, 27 Aug 2002 18:28:45 -0400 (EDT) Subject: [krbdev.mit.edu #1164] bogus return value from krb5_auth_con_genaddrs() In-Reply-To: Message-ID: This code exists in krb5_auth_con_genaddrs(): if ((flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) || (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR)) { if ((retval = getpeername(fd, (struct sockaddr *) &rsaddr, &ssize))) return retval; This is unfortunate because getpeername returns -1 and sets errno on error; passing -1 to com_err gets you a useless "____ 255" as your error message. Returning errno would be an improvement over the current situation, but returning something more meaningful would be even better. Garry From rt-comment at krbdev.mit.edu Tue Aug 27 19:22:49 2002 From: rt-comment at krbdev.mit.edu (zacheiss@MIT.EDU via RT) Date: Tue, 27 Aug 2002 19:22:49 -0400 (EDT) Subject: [krbdev.mit.edu #1165] annoying error message from krb5_mk_priv() In-Reply-To: Message-ID: If one calls krb5_mk_priv() without having previously populated your auth_context with your local address via krb5_auth_con_genaddrs(), you get the error message "ASN.1 structure is missing a required field". While strictly true, this isn't very useful for determining what the problem it; the error message should better indicate the problem. Garry From rt-comment at krbdev.mit.edu Wed Aug 28 22:19:05 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Wed, 28 Aug 2002 22:19:05 -0400 (EDT) Subject: [krbdev.mit.edu #1166] In-Reply-To: Message-ID: From rt-comment at krbdev.mit.edu Wed Aug 28 22:37:35 2002 From: rt-comment at krbdev.mit.edu (fbj@ysu.edu.cn via RT) Date: Wed, 28 Aug 2002 22:37:35 -0400 (EDT) Subject: [krbdev.mit.edu #1166] AutoReply: In-Reply-To: Message-ID: Greetings, This message has been automatically generated in response to the creation of a trouble ticket regarding: "", a summary of which appears below. There is no need to reply to this message right now. Your ticket has been assigned an ID of [krbdev.mit.edu #1166]. Please include the string: [krbdev.mit.edu #1166] in the subject line of all future correspondence about this issue. To do so, you may reply to this message. Thank you, ------------------------------------------------------------------------- From rt-comment at krbdev.mit.edu Thu Aug 29 04:16:15 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Thu, 29 Aug 2002 04:16:15 -0400 (EDT) Subject: [krbdev.mit.edu #1167] In-Reply-To: Message-ID: From rt-comment at krbdev.mit.edu Thu Aug 29 16:46:34 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Thu, 29 Aug 2002 16:46:34 -0400 (EDT) Subject: [krbdev.mit.edu #1168] In-Reply-To: Message-ID: From rt-comment at krbdev.mit.edu Thu Aug 29 20:21:23 2002 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Thu, 29 Aug 2002 20:21:23 -0400 (EDT) Subject: [krbdev.mit.edu #1169] In-Reply-To: Message-ID: