Re: [krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO

Greg Hudson via RT
Could you please look at svn revision 17424 to see if it fixes the
problem?  My tracing through the code in a debugger shows that it
does, but I would like some verification.  Let me know if you prefer a
diff rather than pulling the patch out of svn.

---Tom

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO

Greg Hudson via RT
On Thu, Oct 13, 2005 at 06:56:39PM -0400, Tom Yu via RT wrote:
> Could you please look at svn revision 17424 to see if it fixes the
> problem?  My tracing through the code in a debugger shows that it
> does, but I would like some verification.  Let me know if you prefer a
> diff rather than pulling the patch out of svn.

I'm looking at it now.  I'll get back to you shortly.

--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO

Greg Hudson via RT
In reply to this post by Greg Hudson via RT
On Fri, Oct 14, 2005 at 01:55:45PM -0400, [hidden email] via RT wrote:
> On Thu, Oct 13, 2005 at 06:56:39PM -0400, Tom Yu via RT wrote:
> > Could you please look at svn revision 17424 to see if it fixes the
> > problem?  My tracing through the code in a debugger shows that it
> > does, but I would like some verification.  Let me know if you prefer a
> > diff rather than pulling the patch out of svn.
>
> I'm looking at it now.  I'll get back to you shortly.

It looks good to me.  Another way to verify the code is doing the right
thing is set default_tkt_enctypes = des-cbc-rc, kinit for a princ that
has long term keys that include newer enctypes in addition to DES,
capture the krb AS exchange on the wire and examine it with the latest
developer version of ethereal (I recently submitted a patch so it will
parse PA-ETYPE-INFO2 and newer enctypes).  This is how I discovered the
bug.

--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO

Greg Hudson via RT
In reply to this post by Greg Hudson via RT
>>>>> "Will" == william fiveash@sun com via RT <[hidden email]> writes:

Will> It looks good to me.  Another way to verify the code is doing the right
Will> thing is set default_tkt_enctypes = des-cbc-rc, kinit for a princ that
Will> has long term keys that include newer enctypes in addition to DES,
Will> capture the krb AS exchange on the wire and examine it with the latest
Will> developer version of ethereal (I recently submitted a patch so it will
Will> parse PA-ETYPE-INFO2 and newer enctypes).  This is how I discovered the
Will> bug.

Ok, thanks for the confirmation!

---Tom

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs