From schemers@slapshot.stanford.edu Wed Jan 15 17:22:47 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA20453 for <bugs@RT-11.MIT.EDU>; Wed, 15 Jan 1997 17:22:46 -0500
Received: from slapshot.Stanford.EDU by MIT.EDU with SMTP
id AA10685; Wed, 15 Jan 97 17:22:46 EST
Received: (from schemers@localhost) by slapshot.stanford.edu (8.8.4/8.7.3) id OAA13631; Wed, 15 Jan 1997 14:22:48 -0800 (PST)
Message-Id: <199701152222.OAA13631@slapshot.stanford.edu>
Date: Wed, 15 Jan 1997 14:22:48 -0800 (PST)
From: schemers@stanford.edu
To: krb5-bugs@MIT.EDU
Cc: schemers@slapshot.stanford.edu
Subject: bug in telnet client?
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Wed Feb 12 21:13:12 1997
State-Changed-Why:
This has been dealt with in a different PR (krb5-libs/206).
I'm using K5 1.0, and telnet doesn't seem to forward credentials
properly when I have multiple V5 realms (actually DCE cells), and
I pass the realm on the command line, and the [domain_realm] section
doesn't have the realm I'm trying to forward to in it.
Here is my krb5.conf file that fails:
[libdefaults]
default_realm = test.stanford.edu
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
krb4_config = /etc/leland/krb.conf
krb4_realms = /etc/leland/krb.realms
kdc_req_checksum_type = 2
ap_req_checksum_type = 2
safe_checksum_type = 3
ccache_type = 2
[realms]
stanford.edu = {
kdc = dceauth1.stanford.edu:88
kdc = dceauth2.stanford.edu:88
kdc = dceauth3.stanford.edu:88
default_domain = stanford.edu
}
test.stanford.edu = {
kdc = dcecrash1.stanford.edu:88
}
[domain_realm]
.stanford.edu = stanford.edu
My two realms are "stanford.edu", and "test.stanford.edu".
1151# $krb5/telnet -f -a -x -k test.stanford.edu dcecrash1
Trying 171.64.14.13...
Connected to dcecrash1.Stanford.EDU (171.64.14.13).
Escape character is '^]'.
Waiting for encryption to be negotiated...[ Kerberos V5 accepts you as ``schemers@test.stanford.edu'' ]
done.
Leland 2.0b8 Login Stanford University (C) 1996
Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996
dcecrash1:~ 1#
Notice the credentials don't get forwarded. If I change [domain_realm]
to ".stanford.edu = test.stanford.edu", it works:
# $krb5/telnet -f -a -x -k test.stanford.edu dcecrash1
Trying 171.64.14.13...
Connected to dcecrash1.Stanford.EDU (171.64.14.13).
Escape character is '^]'.
Waiting for encryption to be negotiated...[ Kerberos V5 accepts you as ``schemers@test.stanford.edu'' ]
[ Kerberos V5 accepted forwarded credentials ]
done.
Leland 2.0b8 Login Stanford University (C) 1996
Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996
dcecrash1:~ 1#
That sounds like a bug to me. Maybe for the cred forwarding code is
not use the realm passed on the command line?
thanks, roland
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA20453 for <bugs@RT-11.MIT.EDU>; Wed, 15 Jan 1997 17:22:46 -0500
Received: from slapshot.Stanford.EDU by MIT.EDU with SMTP
id AA10685; Wed, 15 Jan 97 17:22:46 EST
Received: (from schemers@localhost) by slapshot.stanford.edu (8.8.4/8.7.3) id OAA13631; Wed, 15 Jan 1997 14:22:48 -0800 (PST)
Message-Id: <199701152222.OAA13631@slapshot.stanford.edu>
Date: Wed, 15 Jan 1997 14:22:48 -0800 (PST)
From: schemers@stanford.edu
To: krb5-bugs@MIT.EDU
Cc: schemers@slapshot.stanford.edu
Subject: bug in telnet client?
Show quoted text
>Number: 342
>Category: pending
>Synopsis: bug in telnet client?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 15 17:23:01 EST 1997
>Last-Modified: Wed Feb 12 21:13:49 EST 1997
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Category: pending
>Synopsis: bug in telnet client?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 15 17:23:01 EST 1997
>Last-Modified: Wed Feb 12 21:13:49 EST 1997
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Wed Feb 12 21:13:12 1997
State-Changed-Why:
This has been dealt with in a different PR (krb5-libs/206).
Show quoted text
>Unformatted:
I tried to use krb5-send-pr, but for some reason it didn't work.I'm using K5 1.0, and telnet doesn't seem to forward credentials
properly when I have multiple V5 realms (actually DCE cells), and
I pass the realm on the command line, and the [domain_realm] section
doesn't have the realm I'm trying to forward to in it.
Here is my krb5.conf file that fails:
[libdefaults]
default_realm = test.stanford.edu
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
krb4_config = /etc/leland/krb.conf
krb4_realms = /etc/leland/krb.realms
kdc_req_checksum_type = 2
ap_req_checksum_type = 2
safe_checksum_type = 3
ccache_type = 2
[realms]
stanford.edu = {
kdc = dceauth1.stanford.edu:88
kdc = dceauth2.stanford.edu:88
kdc = dceauth3.stanford.edu:88
default_domain = stanford.edu
}
test.stanford.edu = {
kdc = dcecrash1.stanford.edu:88
}
[domain_realm]
.stanford.edu = stanford.edu
My two realms are "stanford.edu", and "test.stanford.edu".
1151# $krb5/telnet -f -a -x -k test.stanford.edu dcecrash1
Trying 171.64.14.13...
Connected to dcecrash1.Stanford.EDU (171.64.14.13).
Escape character is '^]'.
Waiting for encryption to be negotiated...[ Kerberos V5 accepts you as ``schemers@test.stanford.edu'' ]
done.
Leland 2.0b8 Login Stanford University (C) 1996
Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996
dcecrash1:~ 1#
Notice the credentials don't get forwarded. If I change [domain_realm]
to ".stanford.edu = test.stanford.edu", it works:
# $krb5/telnet -f -a -x -k test.stanford.edu dcecrash1
Trying 171.64.14.13...
Connected to dcecrash1.Stanford.EDU (171.64.14.13).
Escape character is '^]'.
Waiting for encryption to be negotiated...[ Kerberos V5 accepts you as ``schemers@test.stanford.edu'' ]
[ Kerberos V5 accepted forwarded credentials ]
done.
Leland 2.0b8 Login Stanford University (C) 1996
Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996
dcecrash1:~ 1#
That sounds like a bug to me. Maybe for the cred forwarding code is
not use the realm passed on the command line?
thanks, roland