Simon Josefsson ha scritto:
On Tue, 2006-10-24 at 16:19 +0200, Alberto Fondi wrote:
Hi,
my problem is the next one:
when i use shishi username
i get the following message for exemple
request nonce (len=4) 0590673c
reply nonce (len=3) 90673c
AS exchange failed: Replay protection value (nonce) differ between
request and reply.
but there is another strange thing: there are times when i type the same
command and i get the ticket?
How could you explain this behaviour of shishi?
Hi! Interesting error, it seems that for some reason the server
responds with a short 3 octet nonce:s. This might indicate a protocol
error in Shishi or in the KDC. Which KDC is this?
Can you find a pattern in the nonces that fail? I.e., do they all start
with '0'?
To find out what nonce was used for commands that succeed, you can use
'shishi -d' and then 'shishi -v -v|grep nonce'.
/Simon
Hi Simom,
i have made different test with shishi as client and shishid ad KDC and
with the same account and i report you the nounce couples (request, reply):
request nonce (len=4) 1fd69fea
reply nonce (len=1) ea
request nonce (len=4) 766e2dd0
reply nonce (len=1) d0
request nonce (len=4) 64e27ec2
reply nonce (len=1) c2
request nonce (len=4) 1551d4af
reply nonce (len=1) af
request nonce (len=4) 6625fc6d
reply nonce (len=2) fc6d
request nonce (len=4) 6cc4edc5
reply nonce (len=1) c5
request nonce (len=4) 6cf3b668
reply nonce (len=2) b668
request nonce (len=4) 37b72c09
reply nonce (len=3) b72c09
request nonce (len=4) 534f36d8
reply nonce (len=1) d8
As you suggested me, and as you can see from these tests, it seems like
the reply nonce is only the last part of the request nonce, but the
lenght of this part is variable!.
Could it be a pointer offset error ?
Alberto
_______________________________________________
Help-shishi mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-shishi
