[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problems running krb5 telnet
Jonas Oberg <jonas@coyote.org> writes:
> Program received signal SIGABRT, Aborted.
> 0x4009fa91 in kill ()
> (gdb) bt
> #0 0x4009fa91 in kill ()
> #1 0x4009f6ef in raise ()
> #2 0x400a0e17 in abort ()
> #3 0x80582c8 in krb5_auth_setcksumtype () at auth_context.c:283
> #4 0x8062575 in make_pa_tgs_req (context=0x80a3128, ac=0x80a3a70,
> body=0xbffff85c, padata=0x80a3a60, creds=0xbffff90c) at get_cred.c:101
>
> So, it thinks the ticket is DES-CBC-CRC and Heimdal doesn't support this,
> alas the abort()? Thats interesting when you also consider the fact that
> remote host A runs MIT's krb5 and remote host B runs Heimdal though telnet
> abort()'s when trying to connect to both hosts.
It does support DES-CBC-CRC, it's just that there's an old kludge to
make it work with old DCE secd that you're running into for some
reason. Heimdal tries to get the KDC to talk DES-CBC-MD5 which your
kdc doesn't do some for reason. That code will be changed and fixed
in the next release. If you're not running a really old version of
the MIT krb5 KDC you should be able to just rip out those lines, like
the appended patch. If you get an error for an unsupported encryption
type or something like that you still need to kludge. Tell us if that
happens and we will send you patches to get it to work.
/assar
Index: lib/krb5/get_cred.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/get_cred.c,v
retrieving revision 1.71
diff -u -w -u -w -r1.71 get_cred.c
--- get_cred.c 1999/04/11 23:13:39 1.71
+++ get_cred.c 1999/04/24 10:23:35
@@ -85,30 +85,9 @@
in_data.length = len;
in_data.data = buf + buf_size - len;
- {
- Ticket ticket;
- ret = decode_Ticket(creds->ticket.data, creds->ticket.length,
- &ticket, &len);
- if(ret)
- return ret;
- /*
- * If we get a ticket encrypted with DES-CBC-CRC, it's
- * probably an old DCE secd and then the usual heuristics of
- * using the best algorithm (in this case RSA-MD5 and
- * DES-CBC-MD5) will not work.
- */
- if(ticket.enc_part.etype == ETYPE_DES_CBC_CRC) {
- krb5_auth_setcksumtype(context, ac, CKSUMTYPE_RSA_MD4);
- krb5_auth_setenctype(context, ac, ETYPE_DES_CBC_CRC);
- }
- free_Ticket(&ticket);
-
-
ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
&padata->padata_value,
KRB5_KU_TGS_REQ_AUTH_CKSUM);
-
- }
out:
free (buf);
if(ret)