[Macpartners] Mac OS X 10.4 "Tiger" Update

Alexandra Ellwood lxs at MIT.EDU
Thu Jun 23 11:57:44 EDT 2005 

On Jun 23, 2005, at 10:58 AM, Albert Willis wrote:

>
> On Jun 23, 2005, at 9:35 AM, Carolyn Fuller wrote:
>
>> Helen,
>>
>>
>>> Kerberos is completely usable. The only known Kerberos issue is  
>>> if you have implemented Kerberos tickets on login, which involves  
>>> making modifications to the /etc/authorization file. If you have  
>>> never edited this file, you (and your users) are not affected.
>>>
>>
>> This is not true. There is the issue that MIT and Apple are  
>> working on right now that involves Rich Text Formatted Mail.app  
>> email and Kerberos. This is a pretty serious bug that causes  
>> incoming email and gibberish to be appended onto outgoing email.  
>> Setting your "Composing: Message Format: Plain Text" does not mean  
>> you will avoid this bug. If you copy and paste Rich Text, it will  
>> stay Rich Text unless you remember to manually convert to plain  
>> text before you hit "Send".
>
> Carolyn, I'm not aware of this bug. Could you provide the steps and  
> configuration required to duplicate the problem?

I am also confused here.

I recently filed a bug report with Apple about an issue when Mail.app  
is configured to use "Kerberos Version 5 (GSSAPI)" but *not* SSL for  
outgoing mail.  When I try to send a message longer than 8192 bytes,  
then random memory from Mail.app is appended to the end of the  
message.  This random memory often includes other messages I have  
viewed before and could include key data.

Whether or not rich text is turned on has nothing to do with whether  
or not the bug happens for me.  However, rich text format messages  
are longer than plain text ones, so the bug would be more likely to  
occur when using rich text.

Checking the SSL checkbox in the outgoing mail server settings  
resolves the problem for me.  You should try that and see if it  
resolves the problem for you as well.


I have been working with Apple on this issue since it involves code  
in Mail.app that calls Kerberos APIs.


--lxs

Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>

More information about the Macpartners mailing list