Message-Id: <20020809153143.E18541817@pcitdis18.cern.ch>
Date: Fri, 9 Aug 2002 17:31:43 +0200 (CEST)
From: Wolfgang.Friebel@cern.ch
Reply-To: Wolfgang.Friebel@cern.ch
To: krb5-bugs@mit.edu
Subject: string2key gets wrong salt with Heimdal KDC and converted AFS accounts
X-Send-Pr-Version: 3.99

>Number: 1146
>Category: krb5-clients
>Synopsis: string2key gets wrong salt with Heimdal KDC and converted AFS accounts
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Aug 9 11:32:01 EDT 2002
>Last-Modified:
>Originator: Wolfgang FRIEBEL
>Organization: CERN
>Release: krb5-1.2.5
>Environment:
System: Linux pcitdis18 2.4.9-31.1.cern #1 Thu Apr 4 22:42:20 CEST 2002 i686 unknown
Architecture: i686
Client (kinit) running against Heimdal KDC (0.4e) on Solaris
>Description:
A Kerberos4 database was converted with Heimdal tools to K5 and is running with a Heimdal KDC.
Authentication with Heimdal Clients is ok, authentication with MIT clients does not work for the AFS salted entries.
New entries and entries that got new enctypes through a password change do work.
Debugging showed that in string2key the salt->data string had a '@' character appended. By removing the trailing character the MIT client works as well.
>How-To-Repeat:
see description
>Fix:
The following context diff solved the problem, but this is only a workaround. I actually do not know whether the bug is in the MIT client code or in the Heimdal server code.

*** krb5-1.2.5/src/lib/crypto/des/string2key.c Fri Sep 24 23:17:09 1999 --- krb5-1.2.5/src/lib/crypto/des/string2key.c.new Fri Aug 9 16:48:39 2002 *************** *** 99,104 **** --- 99,107 ---- if (salt) { if (salt->length == -1) { /* cheat and do AFS string2key instead */ + char *c; + c=strchr(salt->data, '@'); + if ( c >= 0 ) *c = '\0'; return mit_afs_string_to_key (keyblock, data, salt); } else length = data->length + salt->length;

>Audit-Trail:
>Unformatted:
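
Review bot: the guard in the added line `if ( c >= 0 ) *c = '\0';` does not catch the not-found case. strchr returns NULL when salt->data contains no '@', and the `>= 0` comparison holds for a null pointer as well, so a salt without '@' ends in a write through NULL; test `c != NULL` instead. Two further points on the same three added lines: strchr stops at the first '@' while the report describes a trailing one, so checking only the last character (or using strrchr) would be narrower, and the truncation is written into the caller's salt->data in place, which changes the salt for any later use of that buffer; truncating a local copy avoids that. The call also assumes salt->data is NUL-terminated when salt->length is -1, which deserves a comment next to the strchr.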