Debugging KFM on Mac OSX 10.3

Booker Bense bbense at
Fri Apr 23 17:45:06 EDT 2004

_ I'm trying to figure out a fairly bizarre problem between
KfM and a heimdal KDC. The Heimdal KDC database is a dumped and
converted kaserver one, so it contains afsized keys.
It requires 4 or more attempts to get a tgt if that
principal's password is longer than 8 chars. For some passwords
longer than 8 chars I've never been able to get it work.

_ For passwords that eventually work, the number is very

_ I've looked at what the KDC sends and it's
identical each time.

_ If I compile heimdal, that kinit works first time out
of the box for all ids. The bug appears to be related
to password length, what has me stumped is why it sometimes
works at all. If I had to guess, I'd say that the
afs_string_to_key code is not doing the right algorithm
with >8 char passwords. But if that were true it should
never work....

_ Ideally, I'd like to build and run KfM under a debugger
to find out exactly what is happening. Is there a recipe
for doing this somewhere? I haven't had much luck building
either the Darwin src from Apple or krb5-1.3.3 on OSX 10.3.

_ Booker C. Bense

More information about the krbdev mailing list