Hi Russ

Just patched with attached patch. But it doesn't work.

Is that the only place? To me it seems that the name is split and it
checks if the first char is '.' (a dot). It should not split the name.

/Mikkel

On Wed, 2007-08-01 at 03:20 -0700, Russ Allbery wrote:

> Mikkel Kruse Johnsen <[EMAIL PROTECTED]> writes:
> 
> > All of this is checked. If I do the same with a user not containing a
> > dot "[EMAIL PROTECTED]" then it works. So it is because there is a dot in my
> > name.
> 
> You're being bitten by the code that tries to convert Kerberos v5
> principal names to the Kerberos v4 convention used by AFS.
> 
>     /* 
>      * If the first part of the name_string contains a dot, punt since
>      * then we can't see the diffrence between the kerberos 5
>      * principals foo.root and foo/root later in the fileserver.
>      */
>     if (strchr(decr_part.cname.name_string.val[0], '.') != NULL)
>         goto bad_ticket;
> 
> (rxkad/ticket5.c).  I'm afraid you might be out of luck, at least with the
> current version of AFS, unless you patch this code and remove this check
> in your file servers.
> 

Mikkel Kruse Johnsen
Linet
Ørholmgade 6 st tv
2200 København N

Tlf: +45 2128 7793
email: [EMAIL PROTECTED]
www: http://www.linet.dk
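
The ambiguity behind the check quoted from rxkad/ticket5.c above, shown as an added example that is not part of the original message or of OpenAFS. `v5_to_v4` and `v4_names_collide` are hypothetical helpers, and the sketch assumes the v4 form is written name.instance; it shows foo.root and foo/root mapping to the same v4 name once the dot check is dropped.

```c
#include <stdio.h>
#include <string.h>

#define V4_MAX 64   /* assumed buffer size for this sketch */

/*
 * Hypothetical helper (not OpenAFS code): map Kerberos v5 name components to
 * the v4 "name.instance" form. With strict != 0 it rejects a dot in the first
 * component, as the quoted check does. Returns 0 on success, -1 on reject.
 */
int v5_to_v4(const char *const *comp, int ncomp, int strict,
             char *out, size_t outlen)
{
    int n;

    if (ncomp < 1 || ncomp > 2)
        return -1;              /* v4 has only a name and an instance */
    if (strict && strchr(comp[0], '.') != NULL)
        return -1;              /* "foo.root" would read as foo/root */
    if (ncomp == 1)
        n = snprintf(out, outlen, "%s", comp[0]);
    else
        n = snprintf(out, outlen, "%s.%s", comp[0], comp[1]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns 1 if two v5 principals map to the same v4 name, 0 if they do not,
 * -1 if either one is rejected. */
int v4_names_collide(const char *const *a, int na,
                     const char *const *b, int nb, int strict)
{
    char va[V4_MAX], vb[V4_MAX];

    if (v5_to_v4(a, na, strict, va, sizeof va) != 0 ||
        v5_to_v4(b, nb, strict, vb, sizeof vb) != 0)
        return -1;
    return strcmp(va, vb) == 0;
}

/* Constructed sample principals, named after the comment's foo.root / foo/root. */
static const char *const dotted[] = { "foo.root" };     /* one component */
static const char *const admin[]  = { "foo", "root" };  /* foo/root */

int main(void)
{
    printf("check removed: collide=%d\n", v4_names_collide(dotted, 1, admin, 2, 0));
    printf("check kept:    collide=%d\n", v4_names_collide(dotted, 1, admin, 2, 1));
    return 0;
}
```
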
diff -r -u openafs-1.4.3.orig/src/rxkad/ticket5.c openafs-1.4.3/src/rxkad/ticket5.c
--- openafs-1.4.3.orig/src/rxkad/ticket5.c	2006-06-30 01:25:49.000000000 +0200
+++ openafs-1.4.3/src/rxkad/ticket5.c	2007-08-01 12:27:32.000000000 +0200
@@ -323,8 +323,8 @@
      * then we can't see the diffrence between the kerberos 5
      * principals foo.root and foo/root later in the fileserver.
      */
-    if (strchr(decr_part.cname.name_string.val[0], '.') != NULL)
-	goto bad_ticket;
+    //if (strchr(decr_part.cname.name_string.val[0], '.') != NULL)
+	//goto bad_ticket;
 
     /* Verify that decr_part.key is of right type */
     switch (decr_part.key.keytype) {
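
Review bot: commenting out the strchr test on val[0] removes the guard without replacing it, so the situation the comment directly above describes now applies: a principal whose first component is foo.root can no longer be told apart from foo/root later in the fileserver. If dotted names have to be accepted, make that an explicit opt-in rather than an unconditional removal, or reject only when the dotted name would clash with an existing name/instance pair. The comment block that stays in place still says "punt", which no longer matches the code, so update or remove it with the check. Delete the two lines instead of leaving them behind `//`, which also differs from the `/* */` style used in the surrounding lines.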
