[krbdev.mit.edu #7033] krb5 1.10 KRB5_PADATA_ENC_TIMESTAMP isn't working
Arlene Berry via RT
rt-comment at krbdev.mit.edu
Wed Nov 30 15:44:10 EST 2011
I pulled in the tip of 1.10 last week to try it out. I'm seeing a problem with the KRB5_PADATA_ENC_TIMESTAMP preauth type. We call krb5_get_init_creds_password after setting the preauth list to KRB5_PADATA_ENC_TIMESTAMP and it's reporting a loop error. I debugged into it and verified that it attempts to do the requested preauth type which fails causing the loop. I got down to lib/krb5/krb/gic_pwd.c at line 75 where krb5_get_as_key_password calls krb5_c_string_to_key_with_params and krb5_c_string_to_key_with_params reports bad enctype. I checked and the requested enctype is 0. The enctype is coming from the preauth rock where it's also 0 and that's as far as I got with it.
More information about the krb5-bugs
mailing list