Subject: Unable to renew ticket after CVE-2020-17049
To: krb5-bugs@mit.edu
From: "Morten Minde Neergaard" <m-krb@8d.no>
Date: Tue, 2 Feb 2021 00:05:39 +0100

Hi,

after Microsoft released their fix to CVE-2020-17049 a while back, I
can't renew my tickets made against upgraded Windows servers.

The details have apparently been reported to the kerberos mailing list
earlier[0] but I'll show the symptoms:

$ kinit
Password for username@DOMAIN:
$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1116501893
Default principal: username@DOMAIN

Valid starting       Expires              Service principal
2021-02-01 23:57:41  2021-02-02 09:57:41  krbtgt/DOMAIN@DOMAIN
        renew until 2021-02-02 23:57:37, Flags: RIA
$ kinit -R
kinit: KDC can't fulfill requested option while renewing credentials

If you need any further information, I can try to reproduce and help as
I can (although James Ralston, the author of the aforementioned email,
appears to know more about what he's talking about...)

[0]: https://mailman.mit.edu/pipermail/kerberos/2020-November/022582.html

--
Morten Minde Neergaard