krb5-1.8-beta1 is available
mdw at umich.edu
Thu Feb 25 02:50:36 EST 2010
> Date: Wed, 24 Feb 2010 23:45:06 EST
> To: Marcus Watts <mdw at umich.edu>
> cc: "krbdev at mit.edu" <krbdev at mit.edu>
> From: Tom Yu <tlyu at MIT.EDU>
> Subject: Re: krb5-1.8-beta1 is available
> Marcus Watts <mdw at umich.edu> writes:
> > ____ 3. decrypted enc_parts
> > Code fails doing an asn.1 decode of "enc_part" -> "enc_part2".
> > asn.1 decode from decode_krb5_enc_tkt_part.
> Thanks for your help in investigating.
> Would you please provide more details of which code is failing and in
> what way? Is it stock krb5 library code from an earlier release? I
> was intending to code-freeze krb5-1.8 earlier this week and would like
> to know if this issue is a showstopper.
Ok. This issue is definitely not a showstopper; you should feel
free to release krb5-1.8. I've managed to find the offending
code, it's not in krb5-1.8 at all, and I now have a fixed version
that works without incident.
The code that was failing for me is *not* any version of mit kerberos;
it's separate code which decodes kerberos 5 data using openssl asn.1
logic. The advantage is that it might catch problems that escaped your
testing; the disadvantage is those problems might be its own problems.
So far, it caught one problem for you, and scored one problem of its own.
Sorry for the confusion; the tight schedule you have didn't give me much
time to get my ducks in a row.
So the main concern I have at this point is it's not clear to me whatever
this is has good documentation, &etc. I'm now more or less convinced
that S4U2Self and S4U2Proxy aren't ietf draft standards, but at least
I found http://k5wiki.kerberos.org/wiki/Projects/Services4User .
More information about the krbdev