krb5-clients/1146: string2key gets wrong salt with Heimdal KDC and converted AFS accounts
Wolfgang.Friebel@cern.ch
Fri Aug 9 11:31:43 EDT 2002
>Number: 1146
>Category: krb5-clients
>Synopsis: string2key gets wrong salt with Heimdal KDC and converted AFS accounts
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Aug 9 11:32:01 EDT 2002
>Last-Modified:
>Originator: Wolfgang FRIEBEL
>Organization:
CERN
>Release: krb5-1.2.5
>Environment:
System: Linux pcitdis18 2.4.9-31.1.cern #1 Thu Apr 4 22:42:20 CEST 2002 i686 unknown
Architecture: i686
Client (kinit) running against Heimdal KDC (0.4e) on Solaris
>Description:
A Kerberos4 database was converted with Heimdal tools to K5 and is running with a Heimdal KDC.
Authentication with Heimdal clients is ok, authentication with MIT clients does not work for
the AFS salted entries. New entries and entries that got new enctypes through a password change
do work. Debugging showed that in string2key the salt->data string had a '@' character appended.
By removing the trailing character the MIT client works as well.
>How-To-Repeat:
see description
>Fix:
The following context diff solved the problem, but this is only a workaround. I actually do not
know whether the bug is in the MIT client code or in the Heimdal server code.
*** krb5-1.2.5/src/lib/crypto/des/string2key.c Fri Sep 24 23:17:09 1999
--- krb5-1.2.5/src/lib/crypto/des/string2key.c.new Fri Aug 9 16:48:39 2002
***************
*** 99,104 ****
--- 99,107 ----
if (salt) {
if (salt->length == -1) {
/* cheat and do AFS string2key instead */
+ char *c;
+ c=strchr(salt->data, '@');
+ if ( c >= 0 ) *c = '\0';
return mit_afs_string_to_key (keyblock, data, salt);
} else
length = data->length + salt->length;
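Review bot: the guard `if ( c >= 0 )` on the added lines does not detect a missing '@'. strchr returns a null pointer when the character is not found, and in practice a null pointer still satisfies this comparison, so `*c = '\0'` then writes through NULL for any salt that has no '@'. Test `if (c != NULL)` instead. Two further points on the same lines: strchr relies on salt->data being NUL-terminated, and with salt->length equal to -1 in this branch there is no length available to bound the search; and the search cuts at the first '@' and modifies the caller's salt buffer in place, whereas the report describes a single trailing '@', so checking only the last character, or working on a copy, would be a narrower change.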
>Audit-Trail:
>Unformatted: