While tracking down an openssh GSSAPI auth issue, I've fallen into the bowels of the KRB5 libraries.
Client is Win 2k3, using x-realm auth from AD to our MIT KDC. When linking against 1.6.x libs, everything works fine. When linking against 1.8.x or 1.9, it fails with KRB5_BAD_MSIZE I backtraced it to krb5int_hmac_keyblock complaining that output->length (8) is less than hash->hashsize (16). This is being called from krb5int_hmacmd5_checksum, where I see key->keyblock.enctype is 1 (ENCTYPE_DES_CFB64), key->keyblock.length is 8 This all appear to make sense (DES is a 64-bit key, MD5 output is 128 bits), but of course fails miserably. Does anyone have any clues to lend? I see a note in 1.8.3 that some things were taking the MS MD5 code path that shouldn't be, but 1.8.3 claims to fix that, and 1.8.3 fails the same way 1.8.2 does. -- Carson ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
