From krb5-bugs-incoming-bounces@PCH.MIT.EDU Fri Sep 12 12:14:08 2008
To: krb5-bugs@mit.edu
Subject: kadm5_decrypt_key can return invalid encryption type
From: mdw@umich.edu
X-send-pr-version: 3.99
Message-Id: <E1KeAnj-0005gH-R8@spam.ifs.umich.edu>
Date: Fri, 12 Sep 2008 11:43:15 -0400
Cc: kwc@umich.edu, vpliakas@umich.edu, mdw@umich.edu
Reply-To: mdw@umich.edu

>Submitter-Id: net
>Originator: mdw@umich.edu
>Organization:
University of Michigan
>Confidential: no
>Synopsis: kadm5_decrypt_key sets bad encryption type
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: sw-bug
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux

Architecture: i686

>Description:
kadm5_decrypt_key has a bug which causes it to return an
encryption type of -1 sometimes. This affects
fakeka and krb524d, depending on the choice of encryption
and salt types.
>How-To-Repeat:
Write a program which calls kadm5_decrypt_key handing it an
encryption key of -1, then look at the encryption key type
returned, or try to use the key.
>Fix:
Run-time workaround, don't use kerberos 4. If using kerberos 4
and fakeka/krb524d, be careful about salts and encryption types
used. Beware when calling kadm5_decrypt_key in any site specific
code, not to use a wildcard encryption type. Compile-time fix, apply
the patch in
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-kbetype.patch
To: rt@krbdev.MIT.EDU
Subject: Re: [krbdev.mit.edu #6116] kadm5_decrypt_key sets bad encryption type
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 18 Sep 2008 18:51:01 -0400
RT-Send-Cc:
>>Description:
> kadm5_decrypt_key has a bug which causes it to return an
> encryption type of -1 sometimes. This affects
> fakeka and krb524d, depending on the choice of encryption
> and salt types.

Thanks. This appears to be a duplicate of #5840. Fix was pulled up
to the 1.6 branch in r20584.
To: rt-comment@krbdev.mit.edu
CC: mdw@umich.edu, vpliakas@umich.edu
Subject: Re: [krbdev.mit.edu #6116] kadm5_decrypt_key sets bad encryption type
Date: Thu, 18 Sep 2008 19:20:04 -0400
From: Marcus Watts <mdw@umich.edu>
RT-Send-Cc:
> Date: Thu, 18 Sep 2008 22:51:04 -0000
> To: mdw@umich.edu
> From: "Tom Yu via RT" <rt-comment@krbdev.mit.edu>
> Subject: Re: [krbdev.mit.edu #6116] kadm5_decrypt_key sets bad encryption type
>
> >>Description:
> > kadm5_decrypt_key has a bug which causes it to return an
> > encryption type of -1 sometimes. This affects
> > fakeka and krb524d, depending on the choice of encryption
> > and salt types.
>
> Thanks. This appears to be a duplicate of #5840. Fix was pulled up
> to the 1.6 branch in r20584.
>

Great! Thanks. I take it this is in 1.6.4-beta1?
What are the plans for the 1.6 series at this point?

I'm mainly asking because our production staff are rather
cautious, and won't like the 1.6.4 beta 1 page at all.

-Marcus Watts