x
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23476 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
21
ChangeLog
21
ChangeLog
@@ -1,3 +1,24 @@
|
|||||||
|
2008-07-28 Love Hornquist Astrand <lha@10a96laptop.meeting.ietf.org>
|
||||||
|
|
||||||
|
* lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally
|
||||||
|
issues invalid AFS tokens
|
||||||
|
(here "occasionally" means for certain users in certain realms).
|
||||||
|
|
||||||
|
In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket
|
||||||
|
is padded to a multiple of 8 bytes. If it is already a multiple of
|
||||||
|
8 bytes, 8 additional 0-bytes are added.
|
||||||
|
|
||||||
|
This catches the AFS krb4 ticket decoder by surprise: unless the
|
||||||
|
ticket is exactly 56 bytes, it only supports the minimum necessary
|
||||||
|
padding. It detects the superfluous padding by comparing the
|
||||||
|
ticket length decoded to the advertised ticket length.
|
||||||
|
|
||||||
|
Hence a 7-letter userid in "cern.ch" which resulted in a ticket of
|
||||||
|
40 bytes, got "padded" to 48 bytes which the rxkad decoder
|
||||||
|
rejected.
|
||||||
|
|
||||||
|
From Rainer Toebbicke.
|
||||||
|
|
||||||
2008-07-25 Love H<>rnquist <20>strand <lha@h5l.org>
|
2008-07-25 Love H<>rnquist <20>strand <lha@h5l.org>
|
||||||
|
|
||||||
* kuser/kinit.c: add --ok-as-delegate and --windows flags
|
* kuser/kinit.c: add --ok-as-delegate and --windows flags
|
||||||
|
|||||||
Reference in New Issue
Block a user