Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 4638 From b17783@achilles.ctd.anl.gov Tue Nov 19 14:14:23 1996 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA18881 for ; Tue, 19 Nov 1996 14:14:22 -0500 Received: from achilles.ctd.anl.gov by MIT.EDU with SMTP id AA15112; Tue, 19 Nov 96 14:14:21 EST Received: from pembroke.ctd.anl.gov (pembroke.ctd.anl.gov [146.137.64.73]) by achilles.ctd.anl.gov (8.6.11/8.6.11) with ESMTP id NAA23394 for ; Tue, 19 Nov 1996 13:14:19 -0600 Received: (b17783@localhost) by pembroke.ctd.anl.gov (8.6.11/8.6.11) id NAA24770; Tue, 19 Nov 1996 13:14:18 -0600 Message-Id: <199611191914.NAA24770@pembroke.ctd.anl.gov> Date: Tue, 19 Nov 1996 13:14:18 -0600 From: Doug Engert To: krb5-bugs@MIT.EDU Subject: Cross-realm Forward Tickets >Number: 206 >Category: krb5-libs >Synopsis: Cross-realm Forward Tickets >Confidential: yes >Severity: serious >Priority: medium >Responsible: krb5-unassigned >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Tue Nov 19 14:15:01 EST 1996 >Last-Modified: Fri May 30 15:59:28 EDT 1997 >Originator: >Organization: >Release: >Environment: >Description: >How-To-Repeat: >Fix: >Audit-Trail: Responsible-Changed-From-To: gnats-admin->krb5-unassigned Responsible-Changed-By: tlyu Responsible-Changed-When: Tue Nov 19 16:09:53 1996 Responsible-Changed-Why: refiled State-Changed-From-To: open-analyzed State-Changed-By: tlyu State-Changed-When: Tue Feb 11 17:56:40 1997 State-Changed-Why: I think this shouldn't be too difficult to apply... it does seem like the right thing, and we didn't fix it in 1.0. Comments? From: Marc Horowitz To: krb5-bugs@MIT.EDU Cc: Unassigned Problem Report , Doug Engert , krbdev@MIT.EDU Subject: Re: krb5-libs/206: Cross-realm Forward Tickets Date: 11 Feb 1997 20:24:16 -0500 Tom Yu writes: >> I think this shouldn't be too difficult to apply... it does seem like >> the right thing, and we didn't fix it in 1.0. Comments? I applied it to a cygnus source tree, and it seems to work ok. Marc From: Ken Hornstein To: krb5-bugs@MIT.EDU Cc: krbdev@MIT.EDU Subject: Re: krb5-libs/206: Cross-realm Forward Tickets Date: Wed, 12 Feb 1997 01:34:18 -0500 >I think this shouldn't be too difficult to apply... it does seem like >the right thing, and we didn't fix it in 1.0. Comments? I've been running with this patch for quite some time, and it works fine. --Ken State-Changed-From-To: analyzed-feedback State-Changed-By: tlyu State-Changed-When: Wed Feb 12 20:52:18 1997 State-Changed-Why: Patch committed, with a few changes. Files: fwd_tgt.c 5.7 State-Changed-From-To: feedback-closed State-Changed-By: tlyu State-Changed-When: Fri May 30 15:59:14 1997 State-Changed-Why: 1.0pl1 has been released >Unformatted: Synopsis: Unable to forward a ticket across realms. Description: The src/lib/krb5/krb/fwd_tgt.c routine works correctly when used within a single realm, but fails when used between realms. It should be requesting a TGT for the client from the client's realm. This then allows a client such as klogin to forward a TGT for the user to a foreign realm, as if the user had logged in and entered "kinit user@local.realm" Fix: *** ,fwd_tgt.c Sun Apr 28 09:22:54 1996 --- fwd_tgt.c Mon Nov 18 19:28:59 1996 *************** *** 77,84 **** goto errout; if ((retval = krb5_build_principal_ext(context, &creds.server, ! server->realm.length, ! server->realm.data, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, client->realm.length, --- 77,84 ---- goto errout; if ((retval = krb5_build_principal_ext(context, &creds.server, ! client->realm.length, ! client->realm.data, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, client->realm.length, -- Douglas E. Engert Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F