Bug in rd_cred.c?

Sam Hartman hartmans at MIT.EDU
Mon Aug 18 20:35:09 EDT 2003

>>>>> "Joseph" == Joseph Galbraith <galb at vandyke.com> writes:

    Joseph> This bug is being exercised only when we use a FreeBSD 4.8
    Joseph> client (which is using Hiemdal, I'm not sure what version
    Joseph> is installed) and the ticket is forwardable.  There is
    Joseph> some sort of ASN.1 parse error occurring ("ASN.1
    Joseph> identifier doesn't match expected value") Have you guys
    Joseph> run into this before?

Yes.  I believe you may be running into a buggy version of Heimdal
that cannot actually successfully forward tickets even to itself.

If this is the bug I'm thinking of, Heimdal sets up a subsession key,
encrypts the ticket in that subsession key, then generates a new
subsession key to use.  The problem is that the second subsession key
is sent over the wire, but the first key is actually used to encrypt
the ticket.

There are several other bugs having to do with Heimdal and MIT
forwarding credentials, but I believe those have all been fixed by KFW

More information about the krbdev mailing list