Kerberos
Team,
I've been using
Kerberos for about 6 months now and have a handle on the parts I am interested
in. I appreciate all of your hard work. I've played with some
parts of the code to understand how things work. I have found a definite
bug that exists in at least krb5-1.6 and the current release
krb5-1.6.3. My configuration settings are below. The problem exists
within the Pre-Authentication section of the KDC. Specifically in
do_as_req.c. The section of code that is just below the comment
"ptooey. We want krb5_db_sync() or something like that." does not compile
because a couple of these functions no longer exist. Example: cd to
krb5-1.6.3/src and perform the grep commands listed
below.
configure
-without-krb4 -with-ldap -with-kdc-kdb-update
make
Make fails on the
KDC.
grep
krb5_db_set_name -r *
grep krb5_db_init -r
*
There is a prototype
for init, but no function exists and set_name is clearly not there at
all.
FYI: I am
using an Intel Linux machine to host the KDC and using OS X 10.4.10 as a
client. On another note: I am not sure why, but the code within
do_as_req.c gets executed twice under my setup when an incorrect password is
entered on the client. I suspect a problem within OS X since using an
incorrect password within kinit only executes the code once.
Thanks for your
time,
Ryan
Lange
Sr. Software
Eng.
L-3 Communications
IS