From Wed Feb 2 23:01:31 2000
Message-Id: <>
Date: Thu, 3 Feb 2000 17:00:33 +1300
From: "Thompson, Kerry" <>
To: "''" <krb5-bugs@MIT.EDU>
Subject: Bug? - forwarding tickets to telnetd/login.krb5 allows root acces

>Number: 820
>Category: krb5-appl
>Synopsis: Bug? - forwarding tickets to telnetd/login.krb5 allows root acces
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Feb 2 23:02:01 EST 2000
>Last-Modified: Tue Feb 22 16:32:31 EST 2000
>Originator: "Thompson, Kerry" <>

When I use 'telnet -Fa' to forward my credentials to the destination host
and auto-authenticate, I end up with root access (whether my principal is
in /.k5login or not). This could be a problem in some installations.

This seems to be a new problem in krb5 1.1.0; it wasn't occurring in 1.0.5.
In fact, installing the older 1.0.5 login.krb5 program seems to fix the

aklndcwu: id
uid=106(xthomk) gid=101(security)
aklndcwu: kdestroy
aklndcwu: kinit -f
Password for xthomk@AIRNZ.CO.NZ:
aklndcwu: telnet -Fa aklia02u
Connected to (
Escape character is '^]'.
[ Kerberos V5 accepts you as ``xthomk@AIRNZ.CO.NZ'' ]
[ Kerberos V5 accepted forwarded credentials ]

Sun Microsystems Inc. SunOS 5.6 Loaded : Mon Nov 1 17:37:13 NZDT 1999
aklia02u: id
uid=0(root) gid=101(security)

aklia02u: cat /.k5login

Kerry Thompson
Air NZ Border Management

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Tue Feb 22 16:32:21 2000

Reformat, fix category.

Fixed long ago.