From jgm@trailmix.portolacomm.com Sun Jan 5 18:30:21 1997 Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA19773 for ; Sun, 5 Jan 1997 18:30:16 -0500 Received: from [205.178.2.176] by MIT.EDU with SMTP id AA15616; Sun, 5 Jan 97 18:30:13 EST Received: (from jgm@localhost) by trailmix.portolacomm.com (8.7.6/8.7.3) id PAA26852; Sun, 5 Jan 1997 15:31:16 -0800 Message-Id: <199701052331.PAA26852@trailmix.portolacomm.com> Date: Sun, 5 Jan 1997 15:31:16 -0800 From: jgm@portolacomm.com To: krb5-bugs@MIT.EDU Subject: kdc dies when asked for service tickets with no v4 salts X-Send-Pr-Version: 3.99 >Number: 332 >Category: krb5-kdc >Synopsis: kdc dies when asked for service tickets with no v4 salts >Confidential: no >Severity: serious >Priority: medium >Responsible: tlyu >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Sun Jan 05 18:31:01 EST 1997 >Last-Modified: Mon Jan 26 23:44:37 EST 1998 >Originator: John Gardiner Myers >Organization: >Release: 1.0 >Environment: System: Linux trailmix.portolacomm.com 2.0.18 #2 Wed Nov 13 17:07:58 PST 1996 i586 Architecture: i586 >Description: When asked for a v4 service ticket for a service that has no v4-salted keys, the server dies. This bug was introduced by a patch I had submitted earlier. Soon after supplying the patch, I had reported that the patch was flawed and should not be applied. Nevertheless, my patch got integrated in version 1.0. The part about the server dying when there is no V4-compatible key is new in 1.0, and should probably be investigated separately. >How-To-Repeat: Create a service with a non-v4-compatible-key. Make a v4 appl request for a ticket for that service. >Fix: First, either remove the patch I submitted earlier, or apply the following patch. I have not investigated why the server dies. *** kerberos_v4.c 1996/12/13 23:52:52 1.3 --- kerberos_v4.c 1997/01/05 23:04:38 *************** *** 403,408 **** --- 403,414 ---- ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_AFS3, -1, + &pkey) && + krb5_dbe_find_enctype(kdc_context, + &entries, + ENCTYPE_DES_CBC_CRC, + -1, + -1, &pkey)) { lt = klog(L_KRB_PERR, "KDC V4: principal %s.%s isn't V4 compatible", >Audit-Trail: Responsible-Changed-From-To: krb5-unassigned->tlyu Responsible-Changed-By: tlyu Responsible-Changed-When: Fri May 30 17:11:45 1997 Responsible-Changed-Why: State-Changed-From-To: open-analyzed State-Changed-By: tlyu State-Changed-When: Fri May 30 17:21:22 1997 State-Changed-Why: weird... From: Tom Yu To: jgm@portolacomm.com Cc: krb5-bugs@MIT.EDU Subject: Re: krb5-kdc/332: kdc dies when asked for service tickets with no v4 salts Date: Fri, 30 May 1997 17:21:11 -0400 So... I'm dusting off this old bug report... and it seems that the code fragment that your patch adds is already in kerberos_v4.c. When did you submit your patch? kerberos_v4.c hasn't changed between beta7 and 1.0. Does the kdc still coredump when processing a v4 request for a key without v4 salt? I can't reproduce your problem, by the way, with the current sources (which aren't substantially different from 1.0). ---Tom State-Changed-From-To: analyzed-closed State-Changed-By: tlyu State-Changed-When: Mon Jan 26 23:44:16 1998 State-Changed-Why: I'm closing this due to lack of response and failure to reproduce the problem. >Unformatted: