[krbdev.mit.edu #2110] MIT KDC fails to handle unknown padata
DEEngert@anl.gov via RT
rt-comment at krbdev.mit.edu
Wed Feb 11 16:39:37 EST 2004
Sam Hartman wrote:
>
> Hi, Doug. I applied your patches and they seemed to work.
>
> However I was unable to reproduce the error you got against a 1.2.x or
> 1.3.x KDC. I was able to reproduce this problem against a 1.0.7 KDC.

Using a modified 1.3.2 kinit:

    kinit -m b17783 at KRB5.ANL.GOV

to a 1.2.8 KDC, I can get it to fail if the user principal has
the REQUIRE_PRE_AUTH attribute. When it is not set the kinit works.
Have you tried this combination?

kinit output:

    orleans.ctd.anl.gov% kinit -m b17783 at KRB5.ANL.GOV
    kinit(v5): Preauthentication failed while getting initial credentials

KDC log:

    Feb 11 15:18:48 chimera.ctd.anl.gov krb5kdc[324]: no valid preauth type found: Unknown code 0
    Feb 11 15:18:48 chimera.ctd.anl.gov krb5kdc[324]: AS_REQ (4 etypes {1 3 16 23}) 146.137.180.252(88): PREAUTH_FAILED: b17783 at KRB5.ANL.GOV for krbtgt/KRB5.ANL.GOV at KRB5.ANL.GOV, Preauthentication failed

--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444