x
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23476 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
21
ChangeLog
21
ChangeLog
@@ -1,3 +1,24 @@
|
||||
2008-07-28 Love Hornquist Astrand <lha@10a96laptop.meeting.ietf.org>
|
||||
|
||||
* lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally
|
||||
issues invalid AFS tokens
|
||||
(here "occasionally" means for certain users in certain realms).
|
||||
|
||||
In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket
|
||||
is padded to a multiple of 8 bytes. If it is already a multiple of
|
||||
8 bytes, 8 additional 0-bytes are added.
|
||||
|
||||
This catches the AFS krb4 ticket decoder by surprise: unless the
|
||||
ticket is exactly 56 bytes, it only supports the minimum necessary
|
||||
padding. It detects the superfluous padding by comparing the
|
||||
ticket length decoded to the advertised ticket length.
|
||||
|
||||
Hence a 7-letter userid in "cern.ch" which resulted in a ticket of
|
||||
40 bytes, got "padded" to 48 bytes which the rxkad decoder
|
||||
rejected.
|
||||
|
||||
From Rainer Toebbicke.
|
||||
|
||||
2008-07-25 Love H<>rnquist <20>strand <lha@h5l.org>
|
||||
|
||||
* kuser/kinit.c: add --ok-as-delegate and --windows flags
|
||||
|
Reference in New Issue
Block a user