From krb5-bugs-incoming-bounces@PCH.mit.edu Wed Oct 5 17:14:20 2005
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id RAA16778; Wed, 5 Oct 2005 17:14:20 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j95LDhpx024203
for <krb5-send-pr@krbdev.mit.edu>; Wed, 5 Oct 2005 17:13:43 -0400
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j94LH4px028536
for <krb5-bugs-incoming@PCH.mit.edu>; Tue, 4 Oct 2005 17:17:04 -0400
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36])
j94LH2cH026413
for <krb5-bugs@mit.edu>; Tue, 4 Oct 2005 17:17:02 -0400 (EDT)
Received: from centralmail1brm.Central.Sun.COM
(centralmail1brm.central.sun.com [129.147.62.1])
by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id j94LH1vD005719
for <krb5-bugs@mit.edu>; Tue, 4 Oct 2005 15:17:02 -0600 (MDT)
Received: from alton.central.sun.com (alton.Central.Sun.COM [129.153.128.101])
with ESMTP id j94LGxZv016207
for <krb5-bugs@mit.edu>; Tue, 4 Oct 2005 15:17:00 -0600 (MDT)
Received: from alton.central.sun.com (localhost [127.0.0.1])
j94LGrfo002666
for <krb5-bugs@mit.edu>; Tue, 4 Oct 2005 16:16:53 -0500 (CDT)
Received: (from willf@localhost)
by alton.central.sun.com (8.13.4+Sun/8.13.3/Submit) id j94LGq8w002661;
Tue, 4 Oct 2005 16:16:52 -0500 (CDT)
Date: Tue, 4 Oct 2005 16:16:52 -0500 (CDT)
Message-Id: <200510042116.j94LGq8w002661@alton.central.sun.com>
To: krb5-bugs@mit.edu
From: william.fiveash@sun.com
X-send-pr-version: 3.99
X-Spam-Score: -1.366
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Wed, 05 Oct 2005 17:13:43 -0400
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: william.fiveash@sun.com
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu
>Submitter-Id: net
>Originator: William Fiveash
>Organization: Sun Microsystems Inc
>Confidential: no
>Synopsis: AS_REP padata has wrong enctype
>Severity: non-critical
>Priority: low
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-current
>Environment:
System: SunOS alton 5.10 Generic_118822-18 sun4u sparc SUNW,Sun-Blade-1000
Architecture: sun4
>Description:
The most current version of krb is using the client long-term key
enctype in the PA-ETYPE-INFO2 part of the AS_REP padata. This violates
RFC4120 which states that the enctype of the enc-part should be used.
Pragmatically if the client's long-term key has des-cbc-md5 and
default_tkt_enctypes = des-cbc-crc then kinit fails.
>How-To-Repeat:
See the description.
>Fix:
In kdc_preauth.c:return_etype_info2()
+ /* using encrypting_key->enctype as this is specified in rfc4120 */
retval = _make_etype_info_entry(context, request,
- client_key, client_key->key_data_type[0],
+ client_key, encrypting_key->enctype,
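Review bot: encrypting_key is dereferenced in the new argument (encrypting_key->enctype) with no visible check that it is non-NULL at this point in return_etype_info2(); confirm that every caller supplies it, or add a guard before the _make_etype_info_entry call. client_key is still passed as the key argument while the enctype now comes from a different key, so it is worth verifying that _make_etype_info_entry takes only the salt from client_key and nothing that depends on client_key->key_data_type[0]. The added comment would help more if it said which enctype the RFC requires (that of the AS_REP enc-part), and the fragment should be resent as a unified diff with context, since the call is cut off after the changed argument.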