To: krb5-bugs@mit.edu
Subject: Need support for etype_info2
Date: Tue, 6 May 2003 13:21:03 -0400 (EDT)
From: hartmans@MIT.EDU (Sam Hartman)

In order to properly support AES, we must:

* Implement encoders and decoders for etype_info2

* Only send etype_info2 when we are dealing with a new enctype in the KDC

* Prefer etype_info2 to other forms of etype specification on the client.
From: hartmans@mit.edu
Subject: CVS Commit
Implement encoders for etype_info2 and add support to s2kparams for
decoders.


To generate a diff of this commit:



cvs diff -r1.355 -r1.356 krb5/src/include/ChangeLog
cvs diff -r1.137 -r1.138 krb5/src/include/k5-int.h
cvs diff -r5.137 -r5.138 krb5/src/lib/krb5/asn.1/ChangeLog
cvs diff -r5.44 -r5.45 krb5/src/lib/krb5/asn.1/asn1_k_decode.c
cvs diff -r5.29 -r5.30 krb5/src/lib/krb5/asn.1/asn1_k_encode.c
cvs diff -r5.14 -r5.15 krb5/src/lib/krb5/asn.1/asn1_k_encode.h
cvs diff -r5.40 -r5.41 krb5/src/lib/krb5/asn.1/krb5_decode.c
cvs diff -r5.26 -r5.27 krb5/src/lib/krb5/asn.1/krb5_encode.c
cvs diff -r5.387 -r5.388 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.12 -r5.13 krb5/src/lib/krb5/krb/kfree.c
cvs diff -r1.71 -r1.72 krb5/src/tests/asn.1/ChangeLog
cvs diff -r1.19 -r1.20 krb5/src/tests/asn.1/krb5_encode_test.c
cvs diff -r1.16 -r1.17 krb5/src/tests/asn.1/ktest.c
cvs diff -r1.9 -r1.10 krb5/src/tests/asn.1/ktest.h
krb5/src/tests/asn.1/reference_encode.out
cvs diff -r1.11 -r1.12 krb5/src/tests/asn.1/trval_reference.out
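
A bounds-checked decoder for a single ETYPE-INFO2-ENTRY, added here as an illustration and not the asn1_k_decode.c code from this commit; the hint reaches the client before it has authenticated the KDC, so every length is checked against the enclosing element. It assumes the RFC 4120 layout (etype [0] Int32, salt [1] KerberosString OPTIONAL, s2kparams [2] OCTET STRING OPTIONAL), and `struct einfo2`, `tlv`, `field` and `decode_einfo2_entry` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

struct einfo2 {      /* salt and s2k point into the input; NULL when absent */
    int32_t etype;
    const uint8_t *salt, *s2k;
    size_t salt_len, s2k_len;
};
/* Read one DER TLV with tag `tag`; set *val and *len, advance *p past it. */
static int tlv(const uint8_t **p, const uint8_t *end, uint8_t tag,
               const uint8_t **val, size_t *len) {
    const uint8_t *q = *p;
    size_t n, k;
    if (end - q < 2 || q[0] != tag) return -1;
    n = q[1]; q += 2;
    if (n & 0x80) {                       /* long form: 1 or 2 length octets */
        k = n & 0x7f;
        if (k < 1 || k > 2 || (size_t)(end - q) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1; /* value must lie inside the buffer */
    *val = q; *len = n; *p = q + n;
    return 0;
}

/* Read a [ctx] EXPLICIT wrapper holding exactly one TLV with tag `inner`. */
static int field(const uint8_t **p, const uint8_t *end, uint8_t ctx,
                 uint8_t inner, const uint8_t **val, size_t *len) {
    const uint8_t *w;
    size_t wn;
    if (tlv(p, end, ctx, &w, &wn)) return -1;   /* *p is now the wrapper's end */
    return (tlv(&w, *p, inner, val, len) || w != *p) ? -1 : 0;
}

int decode_einfo2_entry(const uint8_t *buf, size_t n, struct einfo2 *out) {
    const uint8_t *p = buf, *end = buf + n, *v;
    size_t len;
    uint32_t e;
    out->salt = out->s2k = NULL; out->salt_len = out->s2k_len = 0;
    if (tlv(&p, end, 0x30, &v, &len) || p != end) return -1;
    p = v;                                /* step inside the SEQUENCE */
    if (field(&p, end, 0xA0, 0x02, &v, &len) || len < 1 || len > 4) return -1;
    for (e = (v[0] & 0x80) ? 0xFFFFFFFFu : 0; len > 0; len--) e = (e << 8) | *v++;
    out->etype = (int32_t)e;              /* sign-extended INTEGER */
    if (p < end && *p == 0xA1 &&
        field(&p, end, 0xA1, 0x1B, &out->salt, &out->salt_len)) return -1;
    if (p < end && *p == 0xA2 &&
        field(&p, end, 0xA2, 0x04, &out->s2k, &out->s2k_len)) return -1;
    return p == end ? 0 : -1;             /* reject trailing or unknown data */
}
```

The function returns 0 on success and -1 on any malformed or truncated input; a present but empty salt comes back as a non-NULL pointer with length 0, which keeps it distinct from an absent salt.
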
From: hartmans@mit.edu
Subject: CVS Commit
Fix typo.


To generate a diff of this commit:



cvs diff -r5.13 -r5.14 krb5/src/lib/krb5/krb/kfree.c
From: hartmans@mit.edu
Subject: CVS Commit
* Implement etype_info in KDC. If the request contains any new
enctypes (currently AES but anything not explicitly listed as old)
then only etype_info2 is sent back in response. Send back etype_info2
all the time. Also send back etype_info2 to provide salt and
s2kparams with AS reply not just for preauth errors.

* Expose interface for getting string2key with parameters (previously
implemented but not exported)

* In the client (at least for get_init_creds interface) prefer
etype_info2 to etype_info and pw_salt. Pass s2kparams and use
string2key_with_params.


To generate a diff of this commit:



cvs diff -r1.358 -r1.359 krb5/src/include/ChangeLog
cvs diff -r1.139 -r1.140 krb5/src/include/k5-int.h
cvs diff -r1.156 -r1.157 krb5/src/include/krb5.hin
cvs diff -r5.257 -r5.258 krb5/src/kdc/ChangeLog
cvs diff -r5.38 -r5.39 krb5/src/kdc/kdc_preauth.c
cvs diff -r1.121 -r1.122 krb5/src/lib/ChangeLog
cvs diff -r1.34 -r1.35 krb5/src/lib/krb5_32.def
cvs diff -r5.137 -r5.138 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.6 -r5.7 krb5/src/lib/crypto/string_to_key.c
cvs diff -r5.391 -r5.392 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.101 -r5.102 krb5/src/lib/krb5/krb/get_in_tkt.c
cvs diff -r5.10 -r5.11 krb5/src/lib/krb5/krb/gic_keytab.c
cvs diff -r5.19 -r5.20 krb5/src/lib/krb5/krb/gic_pwd.c
cvs diff -r5.23 -r5.24 krb5/src/lib/krb5/krb/preauth2.c
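
The KDC and client rules from this commit message, as an added sketch that is not the kdc_preauth.c or preauth2.c code. The "old" enctype list, the ordering of etype_info ahead of pw_salt, and the names `struct hint`, `kdc_sends_etype_info` and `client_pick_hint` are assumptions; the padata type numbers are those of RFC 4120.

```c
#include <stddef.h>

/* Pre-authentication data types as numbered in RFC 4120. */
enum { PA_PW_SALT = 3, PA_ETYPE_INFO = 11, PA_ETYPE_INFO2 = 19 };

/* One decoded hint from the KDC. etype is unused for PA_PW_SALT, and
 * s2kparams can only be non-NULL for PA_ETYPE_INFO2. */
struct hint {
    int pa_type;
    int etype;
    const char *salt;
    const char *s2kparams;
};

/* Assumed "old" list for this sketch: DES (1, 2, 3), 3DES (16), RC4 (23).
 * Anything not listed, AES (17, 18) included, is treated as new. */
static int is_old_enctype(int etype) {
    return etype == 1 || etype == 2 || etype == 3 || etype == 16 || etype == 23;
}

/* KDC side: may legacy etype_info accompany etype_info2 in the reply? */
int kdc_sends_etype_info(const int *req_etypes, size_t n) {
    size_t i;
    for (i = 0; i < n; i++)
        if (!is_old_enctype(req_etypes[i]))
            return 0;   /* a new enctype was requested: etype_info2 only */
    return 1;
}

/* Client side: hint to use for `etype`, preferring etype_info2, then
 * etype_info, then pw_salt. NULL means fall back to the default salt. */
const struct hint *client_pick_hint(const struct hint *h, size_t n, int etype) {
    static const int pref[] = { PA_ETYPE_INFO2, PA_ETYPE_INFO, PA_PW_SALT };
    size_t p, i;
    for (p = 0; p < sizeof pref / sizeof pref[0]; p++)
        for (i = 0; i < n; i++)
            if (h[i].pa_type == pref[p] &&
                (pref[p] == PA_PW_SALT || h[i].etype == etype))
                return &h[i];
    return NULL;
}
```
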
To: rt@krbdev.mit.edu
Subject: [krbdev.mit.edu #1454] Remaining work
Date: Sun, 11 May 2003 23:03:02 -0400 (EDT)
From: hartmans@mit.edu (Sam Hartman)
RT-Send-Cc:


I believe this implementation is complete except that it does not deal
with get_in_tkt.

We cannot ignore get_in_tkt because it is used by ksu and kadmin within
our tree. We probably do not want to change that for now.

I will next look at how easy it is to merge preauth2.c and preauth.c.
Date: Sun, 11 May 2003 21:36:21 -0700
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Sam Hartman via RT <rt-comment@krbdev.mit.edu>
Subject: [priv] Re: [krbdev.mit.edu #1454] Remaining work
RT-Send-Cc:
On Sun, May 11, 2003 at 11:03:07PM -0400, Sam Hartman via RT wrote:
> I will next look at how easy it is to merge preauth2.c and preauth.c.

Is it easier than fixing ksu and kadmin to use krb5_gic_pwd()?

> I believe this implementation is complete except that it does not deal
> with get_in_tkt.
>
> We cannot ignore get_in_tkt because it is used by ksu and kadmin within
> our tree. We probably do not want to change that for now.

IMO you should deprecate get_in_tkt. Sure, that means changing ksu and
kadmin - but I think it's worth it (ok, yes, I might think that,
particularly since you'd be doing the work :)

Cheers,

Nico
--
Date: Sun, 11 May 2003 23:37:32 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Sam Hartman via RT <rt-comment@krbdev.mit.edu>
Subject: Re: [priv] Re: [krbdev.mit.edu #1454] Remaining work
RT-Send-Cc:
Ugh. I meant for this to be private. Oh well - teaches me :/

On Sun, May 11, 2003 at 09:36:21PM -0700, Nicolas Williams wrote:
> On Sun, May 11, 2003 at 11:03:07PM -0400, Sam Hartman via RT wrote:
> > I will next look at how easy it is to merge preauth2.c and preauth.c.
>
> Is it easier than fixing ksu and kadmin to use krb5_gic_pwd()?
>
> > I believe this implementation is complete except that it does not deal
> > with get_in_tkt.
> >
> > We cannot ignore get_in_tkt because it is used by ksu and kadmin within
> > our tree. We probably do not want to change that for now.
>
> IMO you should deprecate get_in_tkt. Sure, that means changing ksu and
> kadmin - but I think it's worth it (ok, yes, I might think that,
> particularly since you'd be doing the work :)
>
> Cheers,
>
> Nico
> --
To: rt-comment@krbdev.mit.edu
Subject: Re: [priv] Re: [krbdev.mit.edu #1454] Remaining work
From: Sam Hartman <hartmans@mit.edu>
Date: Mon, 12 May 2003 11:06:52 -0400
RT-Send-Cc:
>>>>> "Nicolas" == Nicolas Williams via RT <rt-comment@krbdev.mit.edu> writes:

Nicolas> On Sun, May 11, 2003 at 11:03:07PM -0400, Sam Hartman via
Nicolas> RT wrote:
>> I will next look at how easy it is to merge preauth2.c and
>> preauth.c.

Nicolas> Is it easier than fixing ksu and kadmin to use
Nicolas> krb5_gic_pwd()?

Yes, I think so. I'll look at that too, but even if I change kadmin
and ksu I'll have to change krb5_get_in_tkt to ignore AES.

I think krb5_get_in_tkt is public and potentially used by external
applications, but it is (or will be) marked as deprecated and you'll
have to compile with a special define to get a prototype.
From: tlyu@mit.edu
Subject: CVS Commit
pullups from trunk


To generate a diff of this commit:



cvs diff -r1.348.2.5 -r1.348.2.6 krb5/src/include/ChangeLog
cvs diff -r1.135.2.1 -r1.135.2.2 krb5/src/include/k5-int.h
cvs diff -r1.154.2.2 -r1.154.2.3 krb5/src/include/krb5.hin
cvs diff -r5.251.2.5 -r5.251.2.6 krb5/src/kdc/ChangeLog
cvs diff -r5.35.2.2 -r5.35.2.3 krb5/src/kdc/kdc_preauth.c
cvs diff -r1.119.2.2 -r1.119.2.3 krb5/src/lib/ChangeLog
cvs diff -r1.32.2.2 -r1.32.2.3 krb5/src/lib/krb5_32.def
cvs diff -r5.136 -r5.136.2.1 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.6 -r5.6.2.1 krb5/src/lib/crypto/string_to_key.c
cvs diff -r5.135.2.2 -r5.135.2.3 krb5/src/lib/krb5/asn.1/ChangeLog
cvs diff -r5.43.2.1 -r5.43.2.2 krb5/src/lib/krb5/asn.1/asn1_k_decode.c
cvs diff -r5.29 -r5.29.2.1 krb5/src/lib/krb5/asn.1/asn1_k_encode.c
cvs diff -r5.14 -r5.14.2.1 krb5/src/lib/krb5/asn.1/asn1_k_encode.h
cvs diff -r5.40 -r5.40.2.1 krb5/src/lib/krb5/asn.1/krb5_decode.c
cvs diff -r5.25.2.1 -r5.25.2.2 krb5/src/lib/krb5/asn.1/krb5_encode.c
cvs diff -r5.378.2.5 -r5.378.2.6 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.101 -r5.101.2.1 krb5/src/lib/krb5/krb/get_in_tkt.c
cvs diff -r5.10 -r5.10.2.1 krb5/src/lib/krb5/krb/gic_keytab.c
cvs diff -r5.19 -r5.19.2.1 krb5/src/lib/krb5/krb/gic_pwd.c
cvs diff -r5.10.2.1 -r5.10.2.2 krb5/src/lib/krb5/krb/kfree.c
cvs diff -r5.23 -r5.23.2.1 krb5/src/lib/krb5/krb/preauth2.c
cvs diff -r1.71 -r1.71.2.1 krb5/src/tests/asn.1/ChangeLog
cvs diff -r1.19 -r1.19.4.1 krb5/src/tests/asn.1/krb5_encode_test.c
cvs diff -r1.16 -r1.16.4.1 krb5/src/tests/asn.1/ktest.c
cvs diff -r1.9 -r1.9.2.1 krb5/src/tests/asn.1/ktest.h
krb5/src/tests/asn.1/reference_encode.out
cvs diff -r1.11 -r1.11.2.1 krb5/src/tests/asn.1/trval_reference.out