Question on a very old (2006) Kerberos bug...

Benjamin Kaduk kaduk at MIT.EDU
Thu Jun 27 21:18:41 EDT 2013


Hello Dana,

I do not believe that the bug report you reference is relevant to your 
current situation.  Kerberos for Windows has extra Windows-specific 
functionality on top of the standard krb5 libraries and utilities, and the 
fix for that ticket was contained within the Windows-specific code.

Your posting does not indicate whether the user double-authentication 
happens at logon time (e.g. with the help of pam_krb5 or the system 
dotfiles), or is part of a process that is manually invoked by the user; 
we would need a full picture of what the setup is in order to usefully 
comment about it.

That said, the space character is a valid character for Kerberos 
passwords, and I fear that stripping even leading and trailing spaces 
might be seen as a regression and therefore an unacceptable change.

I think it would be most appropriate for you to send a new message to the 
kerberos at mit.edu list, treating your situation as a new bug report, 
providing again the Ubuntu and krb5 versions, and describing the situation 
you experience and what part(s) of it are problematic.  That list has more 
people on it who administer production deployments, and may have similar 
experiences.

-Ben Kaduk

On Thu, 27 Jun 2013, Dana Brand wrote:

> Hi all,
>
> I am trying to track the outcome of an old resolved bug:
> http://krbdev.mit.edu/rt/Ticket/Display.html?id=4190
>
> that seems to have crawled back into the current version. Please see my original email below, when trying to contact the original coder.
>
> Thank you very much!
> -------------------------
> Dana Brand
> Systems Administrator
> School of Computing Science,
> Simon Fraser University
> PhD Candidate
> University of British Columbia
>
> ----- Forwarded Message -----
> From: "Stephen C Buckley" <sbuckley at mit.edu>
> To: "Dana Brand" <brandd at sfu.ca>
> Sent: Thursday, June 27, 2013 11:41:11 AM
> Subject: Re: Question on a very old (2006) Kerberos bug...
>
> Hi Dana,
>
> My best advice would be to submit your inquiry to the krbdev list and see what happens.
>
> best
>
> s
> On Jun 28, 2013, at 3:16 AM, Dana Brand wrote:
>
>> Hello,
>>
>> I have found your contact on http://www.kerberos.org/contact.html
>>
>> I was trying to contact an old developer with regards to an old bug that just seems to have resurfaced in our current setup - could you please forward to whom you think would be the appropriate contact?
>>
>> Getting a hold of the correct version/sources, would solve a great deal of pain with the undergraduate students using our labs here.
>>
>> Thank you very much!
>>
>> -------------------------
>> Dana Brand
>> Systems Administrator
>> School of Computing Science,
>> Simon Fraser University
>> PhD Candidate
>> University of British Columbia
>>
>> ----- Forwarded Message -----
>> From: "Dana Brand" <brandd at sfu.ca>
>> To: jaltman at mit.edu
>> Sent: Thursday, June 27, 2013 11:05:09 AM
>> Subject: Question on a very old (2006) Kerberos bug...
>>
>> Hi Jeffrey,
>>
>> I am not sure if you still answer this e-mail address, hoping for the best here...
>>
>> I am a computer systems admin with the school of Computing Science at a smallish university in Vancouver, Canada. We have some Ubuntu computer labs here that need to authenticate to both kerberos and ldap university wide directories.
>>
>> It's a bit of a transition state here (well, lasting for a couple of years now) where we gotta take a user through double authentication and mount some cifs partition as a home for them. Problem is, when user hits a space by mistake (easily done in a lab environment to wake up dormant computers), the kerberos authentication doesn't go through, but the ldap one does, so confused user is logged on with no home.
>>
>> I have been working on this issue for a couple of months now, with no good solution (took a while to figure out the whitespace was the issue in the first place). Today I ran into this very old RT ticket that was assigned to you and apparently resolved, that describes our exact situation:
>>
>> http://krbdev.mit.edu/rt/Ticket/Display.html?id=4190
>>
>> Do you have any idea what has happened to this particular branch of development? Why is this error hunting us now after 7 years? Any tip would be much appreciated!!!
>>
>> As for environment, we are running Ubuntu 12.04.2 LTS, with this krb package version:
>> ii  libkrb5-3                                                   1.10+dfsg~beta1-2ubuntu0.3          MIT Kerberos runtime libraries
>>
>> Thanks again!
>> Dana Brand
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>

