Bug#414735: marked as done (inetutils-telnet: Kerberos 5 authentication doesn't work)

Wed, 14 Mar 2007 18:12:59 -0800 

Your message dated Thu, 15 Mar 2007 02:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#414735: fixed in inetutils 2:1.5.dfsg.1-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: inetutils-telnet
Version: 1.5.dfsg.1-2
Tags: patch

Hi!  Thanks for linking to Shishi for Kerberos 5 authentication!
Alas, it doesn't quite work. :(

I debugged the problem and the patch to fix this is below.

A typical error message would be:

[EMAIL PROTECTED]:~$ telnet -a my.nada.kth.se
Trying 130.237.226.234...
Encryption is verbose
Automatic decryption of input is enabled
Automatic encryption of output is enabled
Will send login name and/or authentication information.
Connected to my.nada.kth.se.
Escape character is '^]'.
[ Kerberos V5 refuses authentication because Read req failed: Service key not 
available ]
[ Kerberos V5 refuses authentication because Read req failed: Service key not 
available ]
telnetd: Authorization failed.
Connection closed by foreign host.
[EMAIL PROTECTED]:~$

The patch below solves this, and now it works:

[EMAIL PROTECTED]:~$ ~/src/inetutils/telnet/telnet -a my.nada.kth.se
Trying 130.237.226.234...
Encryption is verbose
Automatic decryption of input is enabled
Automatic encryption of output is enabled
Will send login name and/or authentication information.
Connected to my.nada.kth.se.
Escape character is '^]'.
[ Kerberos V5 accepts you as [EMAIL PROTECTED]'' (server authenticated) ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
...

See also:

http://thread.gmane.org/gmane.comp.gnu.inetutils.bugs/1346

I know it is late, but any chance of getting this into etch?  It is
arguable an 'important' severity, and approving a new package with
this minimal patch might be possible.

Thanks,
Simon

2007-03-13  Simon Josefsson  <[EMAIL PROTECTED]>

        * libtelnet/shishi.c (krb5shishi_send): Don't set a
        use-session-key ap-options, that is for user2user authentication
        which is not appropriate here.

--- shishi.c    08 Mar 2007 15:02:20 +0100      1.2
+++ shishi.c    13 Mar 2007 17:31:30 +0100      
@@ -1,4 +1,4 @@
-/* Copyright (C) 2002, 2003 Simon Josefsson
+/* Copyright (C) 2002, 2003, 2007 Simon Josefsson
    Copyright (C) 2003 Free Software Foundation, Inc.
 
 This file is part of Shishi / GNU Inetutils.
@@ -169,10 +169,6 @@
   else
     ap_opts = 0;
 
-# ifdef ENCRYPTION
-  ap_opts |= SHISHI_APOPTIONS_USE_SESSION_KEY;
-# endif        /* ENCRYPTION */
-
   type_check[0] = ap->type;
   type_check[1] = ap->way;

--- End Message ---
--- Begin Message --- 
Source: inetutils
Source-Version: 2:1.5.dfsg.1-4

We believe that the bug you reported is fixed in the latest version of
inetutils, which is due to be installed in the Debian FTP archive:

inetutils-ftp_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-ftp_1.5.dfsg.1-4_i386.deb
inetutils-ftpd_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-ftpd_1.5.dfsg.1-4_i386.deb
inetutils-inetd_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-inetd_1.5.dfsg.1-4_i386.deb
inetutils-ping_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-ping_1.5.dfsg.1-4_i386.deb
inetutils-syslogd_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-syslogd_1.5.dfsg.1-4_i386.deb
inetutils-talk_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-talk_1.5.dfsg.1-4_i386.deb
inetutils-talkd_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-talkd_1.5.dfsg.1-4_i386.deb
inetutils-telnet_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-telnet_1.5.dfsg.1-4_i386.deb
inetutils-telnetd_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-telnetd_1.5.dfsg.1-4_i386.deb
inetutils-tools_1.5.dfsg.1-4_i386.deb
  to pool/main/i/inetutils/inetutils-tools_1.5.dfsg.1-4_i386.deb
inetutils_1.5.dfsg.1-4.diff.gz
  to pool/main/i/inetutils/inetutils_1.5.dfsg.1-4.diff.gz
inetutils_1.5.dfsg.1-4.dsc
  to pool/main/i/inetutils/inetutils_1.5.dfsg.1-4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <[EMAIL PROTECTED]> (supplier of updated inetutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 15 Mar 2007 03:34:46 +0200
Source: inetutils
Binary: inetutils-ftp inetutils-talk inetutils-talkd inetutils-ftpd 
inetutils-inetd inetutils-telnet inetutils-syslogd inetutils-telnetd 
inetutils-tools inetutils-ping
Architecture: source i386
Version: 2:1.5.dfsg.1-4
Distribution: unstable
Urgency: medium
Maintainer: Guillem Jover <[EMAIL PROTECTED]>
Changed-By: Guillem Jover <[EMAIL PROTECTED]>
Description: 
 inetutils-ftp - File Transfer Protocol client
 inetutils-ftpd - File Transfer Protocol server
 inetutils-inetd - Internet super server
 inetutils-ping - ICMP ECHO tool
 inetutils-syslogd - System logging daemon
 inetutils-talk - Talk to another user
 inetutils-talkd - Remote user communication server
 inetutils-telnet - Telnet client
 inetutils-telnetd - Telnet server
 inetutils-tools - Base networking utilities (experimental package)
Closes: 414735
Changes: 
 inetutils (2:1.5.dfsg.1-4) unstable; urgency=medium
 .
   * Fix Kerberos 5 authentication support in telnet via Shishi to make it
     actually work. (Closes: #414735)
     - debian/patches/04_shishi_telnet.patch: New file.
     Thanks to Simon Josefsson <[EMAIL PROTECTED]>.
Files: 
 9305b8507e83c10079c80a1ef8582ec3 1018 net extra inetutils_1.5.dfsg.1-4.dsc
 818dd5f5f341a941a648f0be7fc7ec85 23348 net extra inetutils_1.5.dfsg.1-4.diff.gz
 560004304d43adaa590aeed344a6c48d 99446 net extra 
inetutils-ftp_1.5.dfsg.1-4_i386.deb
 01ce3334d298d985a05e13f6f253fffc 91996 net extra 
inetutils-ftpd_1.5.dfsg.1-4_i386.deb
 19267e8a77c2c1732da38e8484617869 79806 net extra 
inetutils-inetd_1.5.dfsg.1-4_i386.deb
 ab5f4262855e2d7491b2c75a7dc57f22 81986 net extra 
inetutils-ping_1.5.dfsg.1-4_i386.deb
 0bae9f3722895a91fec5340a549323b9 84566 net extra 
inetutils-syslogd_1.5.dfsg.1-4_i386.deb
 b90d2c83d0762187d6e7d69540a83f1a 70634 net extra 
inetutils-talk_1.5.dfsg.1-4_i386.deb
 871a807e0706b92e9fbbad97de4d67d1 72528 net extra 
inetutils-talkd_1.5.dfsg.1-4_i386.deb
 4fe707634f554e32decb4919d6f1861b 116542 net extra 
inetutils-telnet_1.5.dfsg.1-4_i386.deb
 9b323150e7f2768a069078e45248e02a 101996 net extra 
inetutils-telnetd_1.5.dfsg.1-4_i386.deb
 7357ac65b8cd82b7e1becbf49de1d628 73580 net extra 
inetutils-tools_1.5.dfsg.1-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF+KTKuW9ciZ2SjJsRAlgXAKCWOFO/sIPtVl6WvJY4vcY7ytPWKwCgg5CP
G5kjMqn5Z4C1BU/Fyunm/os=
=mrCg
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to