Skip Menu |

From: "Basch, Richard" <>
To: "''" <>
Date: Tue, 28 Aug 2012 14:17:04 -0400
Subject: Principal parsing bug
Download (untitled) / with headers
text/plain 1.4KiB

I don’t know where the bug is yet, but it appears:

                kinit test


                kinit ‘te\st’

both work (tested on a Linux system)



                kinit ‘\t\e\s\t’

does not work.  Only the version of the principal without a backslash was defined.


Backslash interpretation seems to have inconsistent processing within the Kerberos kinit client/library.


On the flip-side, I was able to create a principal with a backslash and only be able to authenticate using that principal with the correct positioning of the backslash.



Richard Basch

VP, Technology - Critical Infrastructure Engineering

30 Hudson St.  24th Floor 24EBF08 | Jersey City, NJ 07302
Goldman, Sachs & Co  |  (917) 343 4071


The Goldman Sachs Group, Inc. All rights reserved.

See for important risk disclosures, conflicts of interest and other terms and conditions relating to this e-mail and your reliance on information contained in it.  This message may contain confidential or privileged information.  If you are not the intended recipient, please advise us immediately and delete this message.  See for further information on confidentiality and the risks of non-secure electronic communication.  If you cannot access these links, please notify us by reply message and we will send the contents to you. 



krb5_parse_name() interprets \n, \t, \b, and \0 as newline, tab, bell,
and nul, and passes through anything else unchanged. So \t\e\s\t is TAB
e s TAB, while te\st is just test.

This is really old behavior even if it's not very consistent or
intuitive, so I don't think we want to touch it without a good reason.