Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 3400 From jgm@portolacomm.com Sun Nov 3 13:33:40 1996 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id NAA00620 for ; Sun, 3 Nov 1996 13:33:40 -0500 Received: from [205.178.2.165] by MIT.EDU with SMTP id AA06309; Sun, 3 Nov 96 13:33:37 EST Received: from trailmix.portolacomm.com (john [205.178.2.176]) by porta-sparc.portolacomm.com (8.8.0/8.8.0) with SMTP id KAA00711 for ; Sun, 3 Nov 1996 10:11:21 -0800 (PST) Message-Id: Date: Sun, 3 Nov 1996 10:13:34 -0800 (PST) From: John Gardiner Myers To: krb5-bugs@MIT.EDU Subject: krb5-beta7: SAM preauth broken >Number: 149 >Category: krb5-kdc >Synopsis: krb5-beta7: SAM preauth broken >Confidential: yes >Severity: serious >Priority: high >Responsible: eichin >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Sun Nov e 13:34:01 EST 1996 >Last-Modified: Mon Nov 25 12:38:55 EST 1996 >Originator: >Organization: >Release: >Environment: >Description: >How-To-Repeat: >Fix: >Audit-Trail: Responsible-Changed-From-To: gnats-admin->krb5-unassigned Responsible-Changed-By: tlyu Responsible-Changed-When: Wed Nov 13 23:27:05 1996 Responsible-Changed-Why: refiled; uncertain as to whether or not this is a 1.0 issue though. Responsible-Changed-From-To: krb5-unassigned->eichin Responsible-Changed-By: eichin Responsible-Changed-When: Tue Nov 19 17:52:31 1996 Responsible-Changed-Why: I've got preauth changes that should fix this. From: Tom Yu To: "Mark W. Eichin" Cc: krb5-bugs@MIT.EDU Subject: Re: krb5-libs/149: krb5-beta7: SAM preauth broken Date: Wed, 20 Nov 1996 13:36:09 -0500 `Tom Yu' made changes to this PR. *** /tmp/gnatsa0028. Wed Nov 20 13:35:10 1996 --- /tmp/gnatsb0028. Wed Nov 20 13:35:48 1996 *************** *** 14,20 **** >Synopsis: krb5-beta7: SAM preauth broken >Confidential: yes >Severity: serious ! >Priority: medium >Responsible: eichin >State: open >Class: sw-bug --- 14,20 ---- >Synopsis: krb5-beta7: SAM preauth broken >Confidential: yes >Severity: serious ! >Priority: high >Responsible: eichin >State: open >Class: sw-bug Priority changed as per release meeting. State-Changed-From-To: open-feedback State-Changed-By: eichin State-Changed-When: Sat Nov 23 17:47:24 1996 State-Changed-Why: Fixed, by correcting the code in the kdc to send out all preauth tags that it can *construct* rather than all possible ones (leading to incomplete values, leading to the decoder errors below.) State-Changed-From-To: feedback-closed State-Changed-By: tytso State-Changed-When: Mon Nov 25 12:38:36 1996 State-Changed-Why: Thanks for the bug fix, Mark! >Unformatted: Setting the "requires_prauth" field of a principal causes kinit to fail with the message: kinit: ASN.1 structure is missing a required field while getting initial credentials Stepping around in the debugger, this error is being generated by the setup_buf_only() macro of decode_krb5_sam_challenge. This causes kinit to crap out, even though there is another preauth type that it was able to obtain answers for.