From b17783@achilles.ctd.anl.gov Tue Nov 19 14:14:23 1996
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA18881 for <bugs@RT-11.MIT.EDU>; Tue, 19 Nov 1996 14:14:22 -0500
Received: from achilles.ctd.anl.gov by MIT.EDU with SMTP
id AA15112; Tue, 19 Nov 96 14:14:21 EST
Received: from pembroke.ctd.anl.gov (pembroke.ctd.anl.gov [146.137.64.73]) by achilles.ctd.anl.gov (8.6.11/8.6.11) with ESMTP id NAA23394 for <krb5-bugs@mit.edu>; Tue, 19 Nov 1996 13:14:19 -0600
Received: (b17783@localhost) by pembroke.ctd.anl.gov (8.6.11/8.6.11) id NAA24770; Tue, 19 Nov 1996 13:14:18 -0600
Message-Id: <199611191914.NAA24770@pembroke.ctd.anl.gov>
Date: Tue, 19 Nov 1996 13:14:18 -0600
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
Subject: Cross-realm Forward Tickets
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: tlyu
Responsible-Changed-When: Tue Nov 19 16:09:53 1996
Responsible-Changed-Why:
refiled
State-Changed-From-To: open-analyzed
State-Changed-By: tlyu
State-Changed-When: Tue Feb 11 17:56:40 1997
State-Changed-Why:
I think this shouldn't be too difficult to apply... it does seem like
the right thing, and we didn't fix it in 1.0. Comments?
From: Marc Horowitz <marc@cygnus.com>
To: krb5-bugs@MIT.EDU
Cc: Unassigned Problem Report <krb5-unassigned@RT-11.MIT.EDU>,
Doug Engert <DEEngert@anl.gov>, krbdev@MIT.EDU
Subject: Re: krb5-libs/206: Cross-realm Forward Tickets
Date: 11 Feb 1997 20:24:16 -0500
Tom Yu <tlyu@MIT.EDU> writes:
I applied it to a cygnus source tree, and it seems to work ok.
Marc
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: krb5-bugs@MIT.EDU
Cc: krbdev@MIT.EDU
Subject: Re: krb5-libs/206: Cross-realm Forward Tickets
Date: Wed, 12 Feb 1997 01:34:18 -0500
I've been running with this patch for quite some time, and it works fine.
--Ken
State-Changed-From-To: analyzed-feedback
State-Changed-By: tlyu
State-Changed-When: Wed Feb 12 20:52:18 1997
State-Changed-Why:
Patch committed, with a few changes.
Files: fwd_tgt.c 5.7
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Fri May 30 15:59:14 1997
State-Changed-Why:
1.0pl1 has been released
Unable to forward a ticket across realms.
Description:
The src/lib/krb5/krb/fwd_tgt.c routine works correctly when used
within a single realm, but fails when used between realms.
It should be requesting a TGT for the client from the client's realm.
This then allows a client such as klogin to forward a TGT for the
user to a foreign realm, as if the user had logged in and
entered "kinit user@local.realm"
Fix:
*** ,fwd_tgt.c Sun Apr 28 09:22:54 1996
--- fwd_tgt.c Mon Nov 18 19:28:59 1996
***************
*** 77,84 ****
goto errout;
if ((retval = krb5_build_principal_ext(context, &creds.server,
! server->realm.length,
! server->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
client->realm.length,
--- 77,84 ----
goto errout;
if ((retval = krb5_build_principal_ext(context, &creds.server,
! client->realm.length,
! client->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
client->realm.length,
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444 <New Area Code 8/3/96>
PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA18881 for <bugs@RT-11.MIT.EDU>; Tue, 19 Nov 1996 14:14:22 -0500
Received: from achilles.ctd.anl.gov by MIT.EDU with SMTP
id AA15112; Tue, 19 Nov 96 14:14:21 EST
Received: from pembroke.ctd.anl.gov (pembroke.ctd.anl.gov [146.137.64.73]) by achilles.ctd.anl.gov (8.6.11/8.6.11) with ESMTP id NAA23394 for <krb5-bugs@mit.edu>; Tue, 19 Nov 1996 13:14:19 -0600
Received: (b17783@localhost) by pembroke.ctd.anl.gov (8.6.11/8.6.11) id NAA24770; Tue, 19 Nov 1996 13:14:18 -0600
Message-Id: <199611191914.NAA24770@pembroke.ctd.anl.gov>
Date: Tue, 19 Nov 1996 13:14:18 -0600
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
Subject: Cross-realm Forward Tickets
Show quoted text
>Number: 206
>Category: krb5-libs
>Synopsis: Cross-realm Forward Tickets
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Nov 19 14:15:01 EST 1996
>Last-Modified: Fri May 30 15:59:28 EDT 1997
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Category: krb5-libs
>Synopsis: Cross-realm Forward Tickets
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Nov 19 14:15:01 EST 1996
>Last-Modified: Fri May 30 15:59:28 EDT 1997
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: tlyu
Responsible-Changed-When: Tue Nov 19 16:09:53 1996
Responsible-Changed-Why:
refiled
State-Changed-From-To: open-analyzed
State-Changed-By: tlyu
State-Changed-When: Tue Feb 11 17:56:40 1997
State-Changed-Why:
I think this shouldn't be too difficult to apply... it does seem like
the right thing, and we didn't fix it in 1.0. Comments?
From: Marc Horowitz <marc@cygnus.com>
To: krb5-bugs@MIT.EDU
Cc: Unassigned Problem Report <krb5-unassigned@RT-11.MIT.EDU>,
Doug Engert <DEEngert@anl.gov>, krbdev@MIT.EDU
Subject: Re: krb5-libs/206: Cross-realm Forward Tickets
Date: 11 Feb 1997 20:24:16 -0500
Tom Yu <tlyu@MIT.EDU> writes:
Show quoted text
>> I think this shouldn't be too difficult to apply... it does seem like
>> the right thing, and we didn't fix it in 1.0. Comments?
>> the right thing, and we didn't fix it in 1.0. Comments?
I applied it to a cygnus source tree, and it seems to work ok.
Marc
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: krb5-bugs@MIT.EDU
Cc: krbdev@MIT.EDU
Subject: Re: krb5-libs/206: Cross-realm Forward Tickets
Date: Wed, 12 Feb 1997 01:34:18 -0500
Show quoted text
>I think this shouldn't be too difficult to apply... it does seem like
>the right thing, and we didn't fix it in 1.0. Comments?
>the right thing, and we didn't fix it in 1.0. Comments?
I've been running with this patch for quite some time, and it works fine.
--Ken
State-Changed-From-To: analyzed-feedback
State-Changed-By: tlyu
State-Changed-When: Wed Feb 12 20:52:18 1997
State-Changed-Why:
Patch committed, with a few changes.
Files: fwd_tgt.c 5.7
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Fri May 30 15:59:14 1997
State-Changed-Why:
1.0pl1 has been released
Show quoted text
>Unformatted:
Synopsis:Unable to forward a ticket across realms.
Description:
The src/lib/krb5/krb/fwd_tgt.c routine works correctly when used
within a single realm, but fails when used between realms.
It should be requesting a TGT for the client from the client's realm.
This then allows a client such as klogin to forward a TGT for the
user to a foreign realm, as if the user had logged in and
entered "kinit user@local.realm"
Fix:
*** ,fwd_tgt.c Sun Apr 28 09:22:54 1996
--- fwd_tgt.c Mon Nov 18 19:28:59 1996
***************
*** 77,84 ****
goto errout;
if ((retval = krb5_build_principal_ext(context, &creds.server,
! server->realm.length,
! server->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
client->realm.length,
--- 77,84 ----
goto errout;
if ((retval = krb5_build_principal_ext(context, &creds.server,
! client->realm.length,
! client->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
client->realm.length,
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444 <New Area Code 8/3/96>
PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F