While testing some migration paths to K5, I've run into a weird issue trying to decode krb5 tickets on a UNIX server whereby it dies with KRB5_RC_IO_UNKNOWN trying to initialize the replay cache before it even gets to parsing my ticket data chunk.

I stepped through the krb5_rd_req() w/ gdb and can see that it is taking my k5 principal (e.g. "server-agent/myserver.cornell.edu") and trying to create a replay cache file in /var/tmp called "rc_server-agent/myserver.cornell.edu_1001" with no escaping/encoding of the fwd slash. Obviously this is causing a file open error in rc_io.c when it tries to create/check this file, at which point my krb5_rd_req() comes back with the aforementioned error code.

I checked the FAQ, but I see no warnings about using the convention of forward slashes on principals if using in UNIX environments. Should I be doing something myself to escape/encode these principal strings before feeding them to krb5_sname_to_principal to get the krb5_principal struct back, which I then feed to krb5_rd_req? I'd think this would conflict with the format in the keytab we generated.

I also noticed that the srv_rcache.c I stepped through en route to rc_io.c has some blocks to check for backward slashes in the principal name but not forward slashes. Is this to handle a different problem or the same issue in Win32 type systems?

Let me know if anyone has had similar problems, or if I'm doing something wrong with my principal naming conventions.

-T
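
The file-open failure described in the message above can be reproduced without the Kerberos library. The following C program is an added example, not part of the original post and not MIT krb5 code; escape_component and try_create are hypothetical helpers, the octal escaping scheme is an assumption chosen for illustration, and the scratch directory under /tmp is constructed for the demo.

```c
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not krb5 code): copy name into out, octal-escaping '/',
 * '\\' and non-printable bytes. Returns 0, or -1 if out is too small. */
int escape_component(const char *name, char *out, size_t outlen)
{
    size_t o = 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        int unsafe = (*p == '/' || *p == '\\' || !isgraph(*p));
        if (o + (unsafe ? 4 : 1) + 1 > outlen)
            return -1;
        if (unsafe)
            o += (size_t)snprintf(out + o, outlen - o, "\\%03o", (unsigned)*p);
        else
            out[o++] = (char)*p;
    }
    out[o] = '\0';
    return 0;
}
/* Hypothetical helper: create <dir>/rc_<name>_<uid>; returns 0 or errno. */
int try_create(const char *dir, const char *name, long uid)
{
    char path[512];
    int n = snprintf(path, sizeof(path), "%s/rc_%s_%ld", dir, name, uid);
    if (n < 0 || (size_t)n >= sizeof(path))
        return ENAMETOOLONG;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return errno; /* raw name: "rc_server-agent" is read as a directory */
    close(fd);
    unlink(path);
    return 0;
}
int main(void)
{
    const char *princ = "server-agent/myserver.cornell.edu"; /* from the post */
    char dir[64], safe[256];
    snprintf(dir, sizeof(dir), "/tmp/rcdemo.%ld", (long)getpid()); /* scratch dir */
    if (mkdir(dir, 0700) != 0 || escape_component(princ, safe, sizeof(safe)) != 0)
        return 1;
    printf("raw name:     errno %d\n", try_create(dir, princ, 1001));
    printf("escaped name: %s, errno %d\n", safe, try_create(dir, safe, 1001));
    return rmdir(dir);
}
```

With the raw name the open fails with ENOENT because the text before the slash is resolved as a missing directory; with the slash escaped the same call succeeds.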
