From krb5-bugs-incoming-bounces@PCH.mit.edu Fri Mar 21 14:49:59 2014 Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id AA72C751B3; Fri, 21 Mar 2014 14:49:59 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s2LInxRB016247; Fri, 21 Mar 2014 14:49:59 -0400 Received: from mailhub-dmz-4.mit.edu (mailhub-dmz-4.mit.edu [18.7.62.38]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s2LDfIOK002664 for ; Fri, 21 Mar 2014 09:41:18 -0400 Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) by mailhub-dmz-4.mit.edu (8.13.8/8.9.2) with ESMTP id s2LDcJqa029573 for ; Fri, 21 Mar 2014 09:41:17 -0400 X-AuditID: 12074423-f79476d000000c51-76-532c417c929a Authentication-Results: symauth.service.identifier Received: from mail-ie0-f176.google.com (mail-ie0-f176.google.com [209.85.223.176]) (using TLS with cipher RC4-SHA (128/128 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 2F.8B.03153.D714C235; Fri, 21 Mar 2014 09:41:17 -0400 (EDT) Received: by mail-ie0-f176.google.com with SMTP id rd18so2404347iec.21 for ; Fri, 21 Mar 2014 06:41:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=oUqGVe02OXlI6QwWHBCsLG3X+yq5//+MLZpTWbFRdXg=; b=HmVhPv9MAG5cXAjr1EeFvy9Lx7KOteW2jEj3vZqa05gN4hfCpaCpq1VtaipeUbAYOd 8BZE6ZydZCkY36fcw8ZW4YJp+pBZo0KdqdKmamEuI2MBUQbH/26Ww+2nur3zxp0iWtXQ S2nrp9ZPynl6QroQoaY0HN9il5KayZn0ztK1wMzzSoZihohcQM4ULlPzOjEPx5yR8Juu azltxCb5mHyhwGE9oAlIrfgNFYjLv1uLdrGxNtzJRxYFFgQkBMSt7fp5h8G2hReMmxrw WyjaVuPA0zEZcvQthhOyfJ5AgF7YWXRGw4OSnWkc7KfiTJ63CVzFRtIyBjYN8Vk59Quk Ntpw== X-Gm-Message-State: ALoCoQlUsSaOQb1k35QXwkx7zwJ3bQcojg1uxRHXkBx2lJEy0ISziJEcl5oo3OUGquU2HPLEjlM8 MIME-Version: 1.0 X-Received: by 10.42.53.10 with SMTP id l10mr39555259icg.33.1395409276688; Fri, 21 Mar 2014 06:41:16 -0700 (PDT) Received: by 10.64.60.197 with HTTP; Fri, 21 Mar 2014 06:41:16 -0700 (PDT) Date: Fri, 21 Mar 2014 13:41:16 +0000 Message-ID: Subject: kadmin: Reports 'no salt' whenever key data is stored with key_data_ver = 1 From: Nick Moriarty To: krb5-bugs@mit.edu Content-Type: text/plain; charset=ISO-8859-1 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprEKsWRWlGSWpSXmKPExsVyMfT+Bt1aR51gg80/BS0aHh5nd2D0aDpz lDmAMYrLJiU1J7MstUjfLoErY/K/DqaCE5wVtzbcZ25g3MDexcjJISFgIvGmeyobiM0oYCSx +9wrVoi4mMSFe+uB4lwcQgLbmCQOv7/CAuH0MUrMeLeaFcSREJjJKtF7bA4LREuCxMqPq8Bs XgFBiZMznwDZHEDxIon5mx1BwkICXhJHpt5mArFZBFQlDsyayARRHiCx+HIPI4gtLBAmcfRw H1icTUBP4veJeWAjRQREJV7+PQZmMwvoSLzre8A8gVFgFpJts5CkFjAyrWKUTcmt0s1NzMwp Tk3WLU5OzMtLLdI108vNLNFLTSndxAgMPiF2F+UdjH8OKh1iFOBgVOLhreDUDhZiTSwrrsw9 xCjJwaQkyrvGWCdYiC8pP6UyI7E4I76oNCe1+BCjBAezkghvpx1QjjclsbIqtSgfJiXNwaIk zivPATRJID2xJDU7NbUgtQgmy8TBfohRhoNDSYL3mQNQt2BRanpqRVpmTgmyGk4QwQWyhgdo TSFIIW9xQWJucWY6RNEpRmOOprurG5k4Tq3b0MgkxJKXn5cqJc47A6RUAKQ0ozQPbiQsqVxi lJUS5mVkYGAQ4gG6CRgUqPKvGMWBwSDMawUyhSczrwRu3yugU5iATuGfqgVySkkiQkqqgVGe f/cK2Wq5K39nn1R7cyd9pfEblyk2Ku9E4j307gq2eYpv844MMmIqvsrL9OlGbmSxmMXHb8Kd WcWKcj9D9/9/1rdB7ty0qtyn34+YqLc0uMyR4SwUc8yxb5sSwH7gyZzpB16bsrGUHv2e5sec yV5jX/hueyrfKlbz0HN6pX+9u3J2thpXKLEUZyQaajEXFScCAEMLE88lAwAA X-Mailman-Approved-At: Fri, 21 Mar 2014 14:49:58 -0400 X-BeenThere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu >Originator: Nick Moriarty >Organization: University of York >Confidential: no >Synopsis: kadmin reports 'no salt' for normally-salted entries using key_data_ver=1 >Severity: non-critical >Priority: low >Release: 1.12.1 >Environment: System: Ubuntu GNU/Linux 3.2.0-60 Machine: x86_64 >Description: We've found a text bug in kadmin.c, which causes keys to be reported as unsalted whenever they have key_data_ver = 1. According to API docs (http://cryptnet.net/mirrors/docs/krb5adm_api.html), key_data_ver set to 1 indicates that either of the following are true: - The key is salted using the normal v5 salting method, or - The key was generated randomly, so salting is never applied / irrelevant In src/kadmin/cli/kadmin.c: 1456: printf(_("no salt\n")); This text should be changed to something more appropriate; 'normal' would seem sensible, as this is typically how normal v5 salting is identified. >How-To-Repeat: Run kadmin and get_princ a principal with only normal salting on their keys; they will show up as 'no salt'. >Fix: 1507c1507 < printf(_("no salt\n")); --- > printf(_("normal\n"));