[krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO

The RT System itself via RT rt-comment at krbdev.mit.edu
Wed Oct 5 20:09:32 EDT 2005 

>From krb5-bugs-incoming-bounces at PCH.mit.edu  Wed Oct  5 20:09:28 2005
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
	id UAA16866; Wed, 5 Oct 2005 20:09:28 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j9608qpx018871
	for <krb5-send-pr at krbdev.mit.edu>; Wed, 5 Oct 2005 20:08:52 -0400
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
	[18.7.21.83])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j9608ppx018868
	for <krb5-bugs-incoming at PCH.mit.edu>; Wed, 5 Oct 2005 20:08:51 -0400
Received: from brmea-mail-3.sun.com (brmea-mail-3.Sun.COM [192.18.98.34])
	j9608n7d017695
	for <krb5-bugs at mit.edu>; Wed, 5 Oct 2005 20:08:49 -0400 (EDT)
Received: from centralmail1brm.Central.Sun.COM
	(centralmail1brm.central.sun.com [129.147.62.1])
	by brmea-mail-3.sun.com (8.12.10/8.12.9) with ESMTP id j9608m1L014563
	for <krb5-bugs at mit.edu>; Wed, 5 Oct 2005 18:08:48 -0600 (MDT)
Received: from alton.central.sun.com (alton.Central.Sun.COM [129.153.128.101])
	with ESMTP id j9608mZv019875
	for <krb5-bugs at mit.edu>; Wed, 5 Oct 2005 18:08:48 -0600 (MDT)
Received: from alton.central.sun.com (localhost [127.0.0.1])
	j9608l01009551
	for <krb5-bugs at mit.edu>; Wed, 5 Oct 2005 19:08:47 -0500 (CDT)
Received: (from willf at localhost)
	by alton.central.sun.com (8.13.4+Sun/8.13.3/Submit) id j9608lfs009550;
	Wed, 5 Oct 2005 19:08:47 -0500 (CDT)
Date: Wed, 5 Oct 2005 19:08:47 -0500 (CDT)
Message-Id: <200510060008.j9608lfs009550 at alton.central.sun.com>
To: krb5-bugs at mit.edu
From: william.fiveash at sun.com
X-send-pr-version: 3.99
X-Spam-Score: -1.366
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: william.fiveash at sun.com
Sender: krb5-bugs-incoming-bounces at PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu


>Submitter-Id:	net
>Originator:	William Fiveash
>Organization: Sun Microsystems
	
>Confidential:	no 
>Synopsis:	AS_REP padata missing PA-ETYPE-INFO
>Severity:	non-critical 
>Priority:	low 
>Category:	krb5-libs 
>Class:		sw-bug 
>Release:	krb5-1.4.2
>Environment:
	
System: SunOS alton 5.10 Generic_118822-18 sun4u sparc SUNW,Sun-Blade-1000
Architecture: sun4

>Description:
	

   The KDC is returning only PA-ETYPE-INFO2 in the AS_REP even though
   the AS_REQ only contains des-cbc-crc.  That appears to violate the
   text in rfc4120 below:

   When the AS server is to include pre-authentication data in a
   KRB-ERROR or in an AS-REP, it MUST use PA-ETYPE-INFO2, not PA-ETYPE-
   INFO, if the etype field of the client's AS-REQ lists at least one
   "newer" encryption type.  Otherwise (when the etype field of the
   client's AS-REQ does not list any "newer" encryption types), it MUST
   send both PA-ETYPE-INFO2 and PA-ETYPE-INFO (both with an entry for
   each enctype).  A "newer" enctype is any enctype first officially
   specified concurrently with or subsequent to the issue of this RFC.
   The enctypes DES, 3DES, or RC4 and any defined in [RFC1510] are not
   "newer" enctypes.

   Hint, look at return_padata() in kdc_preauth.c and etype-info
   instance of the preauth_systems[] (no return_padata function
   defined).

>How-To-Repeat:
	
    Set default_tkt_enctypes = des-cbc-crc and kinit.
>Fix:
	
    See the description.

More information about the krb5-bugs mailing list