Problem with krb524d/aklog and shared hostname keytabs...

Neulinger, Nathan nneul at
Mon Mar 10 16:21:43 EST 2003

Would security of the following be roughtly equivalent to addressless

Removing this code in krb524/cnv_tkt_skey.c:

     if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) {
         if (krb524_debug)
             fprintf(stderr, "Invalid v5creds address information.\n");
         krb5_free_enc_tkt_part(context, v5etkt);
         v5tkt->enc_part2 = NULL;
         return KRB524_BADADDR;

Cause that appears to solve (or at least hide) this issue...

-- Nathan

Nathan Neulinger                       EMail:  nneul at
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

> -----Original Message-----
> From: Sam Hartman [mailto:hartmans at] 
> Sent: Monday, March 10, 2003 2:02 PM
> To: Neulinger, Nathan
> Cc: krbdev
> Subject: Re: Problem with krb524d/aklog and shared hostname keytabs...
> I don't think we claim to support r even think about any issues
> involving krb4 and addresses that do not exactly match.
> If it doesn't work with krb524d mod to just throw the v5 ticket part
> into an AFS token, we probably care.
> --Sam

More information about the krbdev mailing list