serious protocol interop bug in krb5-1.3
tlyu at MIT.EDU
Thu Jul 24 18:39:03 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
The krb5-1.3 release has a serious problem: it fails to correctly
implement the ETYPE-INFO2 preauthentication type, in both client and
server code. This can cause a failure to obtain tickets.
We strongly suggest that krb5-1.3 not be deployed in production
systems, especially on client platforms. The upcoming krb5-1.3.1
release should fix this problem. Code older than krb5-1.3 will ignore
A krb5-1.3 client will fail to get an initial ticket if the following
conditions are true:
* Client requests an initial ticket from a conforming KDC (e.g., not a
* Client receives an ETYPE-INFO2 containing the optional "salt"
element. This will only happen if the KDC knows a client principal
key that was generated using a non-default salt, e.g., the v4 salt.
The krb5-1.3.1 release, currently in beta test, will issue the correct
ETYPE-INFO2. For compatibility, the krb5-1.3.1 client library will
accept the incorrect ETYPE-INFO2 encoding emitted by a krb5-1.3 KDC.
We expect that the final krb5-1.3.1 release will happen next week.
Lack of existing problems in an installation does not indicate that
future upgrades will be successful; a krb5-1.3 client may not exhibit
any obvious failure modes until attempting to communicate with a KDC
that emits the correct ETYPE-INFO2 encoding. Even then, it will only
fail if non-default key salts are used. The Kerberos v4 salt is the
most common non-default salt, and is frequently present in sites that
have migrated from Kerberos v4.
The underlying problem is that the implementation of ETYPE-INFO2 in
krb5-1.3 fails to match the latest internet-draft of the Kerberos
protocol specification. The client will erroneously reject a response
- From the KDC containing a conforming ETYPE-INFO2, since the client
will parse it as containing a malformed ETYPE-INFO2. This prevents a
krb5-1.3 client from working with a conforming KDC if one happens to
be deployed later. This is documented as ticket #1681 in our bug
The main MIT Kerberos web page is
Updates on the situation will be posted there.
MIT Information Systems
Kerberos Development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard <http://www.gnupg.org/>
-----END PGP SIGNATURE-----
kerberos-announce mailing list
kerberos-announce at mit.edu
More information about the krbdev