From tlyu@MIT.EDU Fri Aug 16 17:00:29 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id RAA25912
for <bugs@RT-11.mit.edu>; Fri, 16 Aug 2002 17:00:28 -0400 (EDT)
Received: from saint-elmos-fire.mit.edu (SAINT-ELMOS-FIRE.MIT.EDU [18.18.0.248])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id RAA19417
for <krb5-bugs@mit.edu>; Fri, 16 Aug 2002 17:00:28 -0400 (EDT)
Received: (from tlyu@localhost) by saint-elmos-fire.mit.edu (8.9.3)
id RAA29599; Fri, 16 Aug 2002 17:00:27 -0400 (EDT)
Message-Id: <200208162100.RAA29599@saint-elmos-fire.mit.edu>
Date: Fri, 16 Aug 2002 17:00:27 -0400 (EDT)
From: tlyu@MIT.EDU
Reply-To: tlyu@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: KDC client lockout for DISALLOW_ALL_TIX or expiration
X-Send-Pr-Version: 3.99

>Number: 1149
>Category: krb5-kdc
>Synopsis: KDC client lockout for DISALLOW_ALL_TIX or expiration
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Aug 16 17:01:00 EDT 2002
>Last-Modified:
>Originator: Tom Yu
>Organization:
mit
>Release: 1.2.6
>Environment:

System: SunOS saint-elmos-fire.mit.edu 5.8 Generic_108528-13 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

>Description:
The KDC doesn't check the client principal for
DISALLOW_ALL_TIX or for expiration. This happens while handling krb5
TGS_REQ or krb4 APPL_REQ, or when converting a krb5 ticket to krb4.

>How-To-Repeat:

>Fix:
Code needs to be written to check for the local realm in the
client principal, and to do the lookup and flag/expiration check.
>Audit-Trail:
>Unformatted:
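
The check described under >Fix:, sketched as an added example; it is not code from this report or from the krb5 tree. The record type, `sample_db`, `lookup_princ` and `check_tgs_client` are hypothetical, and the choice of error code for each case is an assumption; only the attribute bit and the RFC 4120 error numbers are real values.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

#define KRB5_KDB_DISALLOW_ALL_TIX   0x00000040 /* attribute bit as in krb5 kdb.h */
#define KDC_ERR_NAME_EXP            1          /* RFC 4120: client entry expired */
#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6          /* RFC 4120: client not in database */
#define KDC_ERR_CLIENT_REVOKED      18         /* RFC 4120: client credentials revoked */

/* Hypothetical, simplified principal record (not the real krb5_db_entry). */
struct princ_entry {
    const char *name, *realm;
    unsigned    attributes;
    time_t      expiration;   /* 0 means the principal never expires */
};

/* Constructed sample database for the local realm EXAMPLE.ORG. */
static const struct princ_entry sample_db[] = {
    { "alice", "EXAMPLE.ORG", 0,                         0 },
    { "bob",   "EXAMPLE.ORG", KRB5_KDB_DISALLOW_ALL_TIX, 0 },
    { "carol", "EXAMPLE.ORG", 0,                         1000000000 },
};

static const struct princ_entry *lookup_princ(const char *name, const char *realm)
{
    for (size_t i = 0; i < sizeof sample_db / sizeof sample_db[0]; i++)
        if (!strcmp(sample_db[i].name, name) && !strcmp(sample_db[i].realm, realm))
            return &sample_db[i];
    return NULL;
}

/* Run on the client named in a presented ticket (TGS_REQ, krb4 request,
 * or krb5-to-krb4 conversion). Returns 0 to continue, else a KDC error. */
int check_tgs_client(const char *local_realm, const char *name,
                     const char *realm, time_t now)
{
    const struct princ_entry *e;

    /* Only local-realm clients have a record in this KDC's database. */
    if (strcmp(realm, local_realm) != 0)
        return 0;
    e = lookup_princ(name, realm);
    if (e == NULL)                 /* assumption: treat a deleted client as unknown */
        return KDC_ERR_C_PRINCIPAL_UNKNOWN;
    if (e->attributes & KRB5_KDB_DISALLOW_ALL_TIX)
        return KDC_ERR_CLIENT_REVOKED;
    if (e->expiration != 0 && e->expiration < now)
        return KDC_ERR_NAME_EXP;
    return 0;
}
```

Without a check of this kind, a ticket-granting ticket issued before the principal was locked or expired keeps yielding service tickets until the TGT itself expires.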