From krb5-bugs-incoming-bounces@PCH.mit.edu Mon Feb 12 14:56:54 2007
To: krb5-bugs@mit.edu
Subject: referrals logic in client does not handle single component principals
From: cg2v@COPPERWALL.andrew.cmu.edu
X-send-pr-version: 3.99
Message-Id: <20070212165210.1F8FC2F9BD@COPPERWALL.andrew.cmu.edu>
Date: Fri, 9 Feb 2007 16:25:44 -0500 (EST)
Reply-To: cg2v@COPPERWALL.andrew.cmu.edu


>Submitter-Id: net
>Originator: Chaskiel Grundman <cg2v@andrew.cmu.edu>
>Organization:
Carnegie Mellon University
>Confidential: no
>Synopsis: broken referrals logic for single component principals
>Severity: non-critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.6
>Environment:
System: Linux copperwall.andrew.cmu.edu 2.6.17-1.2157_FC5smp #1 SMP Tue Jul 11 23:24:16 EDT 2006 i686 i686 i386 GNU/Linux
Architecture: i686

>Description:
when a client application asks for a referral for a single-component principal
name, krb5_get_credentials asks the kdc for a referral. This seems
bad, as there is no way for anyone to know what realm is actually relevant to
the client's request.
>How-To-Repeat:
1) authenticate as a principal in a realm with a single component service
principal (say afs; e.g. ANDREW.CMU.EDU, CS.CMU.EDU, DEMENTIA.ORG)
2) kvno afs@
3) at least with heimdal kdc's, this succeeds and puts an afs@ ticket
in the cred cache.
>Fix:
[RT_System - Mon Feb 12 14:56:57 2007]:

> when a client application asks for a referral for a single-component principal
> name, krb5_get_credentials asks the kdc for a referral. This seems
> bad, as there is no way for anyone to know what realm is actually relevant to
> the client's request.

I've been convinced that it isn't the client's job to decide which
principals are referrable and which aren't, so this report should be
closed (or hijacked for one of the other referrals issues that the
conversation that spawned this report revealed).

Please change the requestor email address to cg2v@andrew.cmu.edu.
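
An added example, not part of the ticket and not MIT krb5 code: a small classifier showing what a realm-less name such as the report's `afs@` gives a KDC to work with, compared with a host-based name. The function and enum names are hypothetical, and treating a dot in the second component as a hostname is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; hypothetical names, not MIT krb5 code. */
enum basis { REALM_GIVEN, HOST_MAPPABLE, NO_REALM_INFO, MALFORMED };

/* Classify a principal in text form ("comp/comp@REALM", backslash escapes
 * the next character) by what a KDC could use to pick a realm for it. */
static enum basis referral_basis(const char *s)
{
    const char *at = NULL, *comp2 = NULL, *p;
    int ncomp = 1;

    for (p = s; *p; p++) {
        if (*p == '\\') {
            if (p[1] == '\0')
                return MALFORMED;          /* dangling escape */
            p++;                           /* skip the escaped character */
        } else if (*p == '@') {
            if (at)
                return MALFORMED;          /* second unescaped '@' */
            at = p;
        } else if (*p == '/') {
            if (at)
                return MALFORMED;          /* '/' in the realm: rejected here */
            if (++ncomp == 2)
                comp2 = p + 1;
        }
    }
    if (at == NULL || at[1] != '\0')
        return REALM_GIVEN;                /* explicit or default realm */
    /* Empty realm ("name@"): only a two-component name whose second
     * component contains a dot carries a hostname to map to a realm
     * (assumption made for this sketch). */
    if (ncomp == 2 && memchr(comp2, '.', (size_t)(at - comp2)) != NULL)
        return HOST_MAPPABLE;
    return NO_REALM_INFO;
}

int main(void)
{
    /* Constructed inputs; "afs@" is the name from the report. */
    const char *names[] = { "afs@", "host/www.example.com@",
                            "afs@ANDREW.CMU.EDU", "afs\\@cell@" };
    static const char *label[] = { "realm given", "hostname can be mapped",
                                   "no realm information", "malformed" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-24s %s\n", names[i], label[referral_basis(names[i])]);
    return 0;
}
```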