(here "occasionally" means for certain users in certain realms).
In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket is
padded to a multiple of 8 bytes. If it is already a multiple of 8
bytes, 8 additional 0-bytes are added.
This catches the AFS krb4 ticket decoder by surprise: unless the
ticket is exactly 56 bytes, it only supports the minimum necessary
padding. It detects the superfluous padding by comparing the ticket
length decoded to the advertised ticket length.
Hence a 7-letter userid in "cern.ch" which resulted in a ticket of 40
bytes, got "padded" to 48 bytes which the rxkad decoder rejected.
From Rainer Toebbicke.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23475 ec53bebd-3082-4978-b11e-865c3cabbd6b
ba2127c788