krbdev Digest, Vol 186, Issue 4
joshuacosta6 at gmail.com
Mon Jun 18 07:21:28 EDT 2018
We are developing a software authentification based in the software "leash"
downloaded with kerberos for Windows. Our KDC is located in an IBM ZOS.
The problem that we have is when we demand a ticket TGT of a user that is
in "renewal state", the function leash_kinit doesn't inform about this
situacion, that has a return code KRB5KDC_ERR_KEY_EXP, instead of this
value the code returned is KRB5KDC_ERR_PREAUTH_FAILED.
We are "sniffing" the conversation between client and Host IBM and can see
that the error of key expired is fired, but is hiding by the next error:
How ZOS can't desactivated the preauthentificacion, how can we detect the
Thanks in advance,
El sáb., 16 jun. 2018 a las 18:00, <krbdev-request at mit.edu> escribió:
> Send krbdev mailing list submissions to
> krbdev at mit.edu
> To subscribe or unsubscribe via the World Wide Web, visit
> or, via email, send a message with subject or body 'help' to
> krbdev-request at mit.edu
> You can reach the person managing the list at
> krbdev-owner at mit.edu
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of krbdev digest..."
> Today's Topics:
> 1. Re: MIT Kerberos 1.14 : gssint_get_mechanism_cred crash
> (Vipul Mehta)
> Message: 1
> Date: Fri, 15 Jun 2018 23:27:54 +0530
> From: Vipul Mehta <vipulmehta.1989 at gmail.com>
> Subject: Re: MIT Kerberos 1.14 : gssint_get_mechanism_cred crash
> To: Greg Hudson <ghudson at mit.edu>
> Cc: krbdev at mit.edu
> dhY6T001DXV6eaYfocnzgAmfVoub7X3Q at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
> Thanks Greg. If i have anything more related to mit kerberos i will share.
> For now we are also suspecting and investigating possible internal bug in
> our code only.
> On Thu, Jun 14, 2018 at 8:33 PM, Greg Hudson <ghudson at mit.edu> wrote:
> > On 06/14/2018 07:05 AM, Vipul Mehta wrote:
> >> We are facing crash in our application while kerberos security context
> >> initialization inside gssint_get_mechanism_cred function.
> > [...]
> >> Looks like memcmp is causing the issue.
> >> &union_cred->mechs_array[i]->length is 9
> >> mech_type->length is 9
> >> mech_type->elements is not NULL
> >> (&union_cred->mechs_array[i])->elements is also not NULL
> >> Is anyone aware of such issue. Any possible fix ? Let me know if you
> >> more information.
> > I am not aware of any such issue. You should double-check that the cred
> > handle you are passing is a valid cred handle and was not previously
> > (although the usual method of releasing a cred handle should also set the
> > pointer to NULL, unless you made a copy of the cred handle before
> > it). If there is a memory corruption issue in the application, you might
> > be able to use valgrind to find it.
> krbdev mailing list
> krbdev at mit.edu
> End of krbdev Digest, Vol 186, Issue 4
More information about the krbdev