Hi Viktor,
On Wed, 2017-07-12 at 05:14 +, Viktor Dukhovni wrote:
> On Tue, Jul 11, 2017 at 10:19:48PM -0400, Greg Hudson wrote:
> I think the bug was introduced by commit
> > 4b4036c9a6697f0101c60845e19664f64fdd0810 and is that the value of ret is
> > squashed by the call to _krb5_find_capath(
On Tue, Jul 11, 2017 at 10:19:48PM -0400, Greg Hudson wrote:
> I think the bug was introduced by commit
> 4b4036c9a6697f0101c60845e19664f64fdd0810 and is that the value of ret is
> squashed by the call to _krb5_find_capath() in tgs_build_reply(). In
> this scenario, I believe the call succeeds, b
On 07/11/2017 10:37 AM, Andreas Haupt wrote:
> On Mon, 2017-07-10 at 08:32 -0400, Jeffrey Hutzelman wrote:
>> This is a bug in the kdc, or possibly two bugs. First, the database lookup
>> failed and no entry was returned, but the error code was not set and so
>> remained zero, which com_err transla
Hi Jeffrey,
On Mon, 2017-07-10 at 08:32 -0400, Jeffrey Hutzelman wrote:
> This is a bug in the kdc, or possibly two bugs. First, the database lookup
> failed and no entry was returned, but the error code was not set and so
> remained zero, which com_err translates as "Success".
>
> Second, the kd
On July 10, 2017 8:16:05 AM EDT, Andreas Haupt wrote:
>... it "succeeds" in the CERN.CH case:
>
>Jul 10 13:27:36 fred-vm1 kdc[12044]: TGS-REQ aha...@ifh.de from
>IPv4:141.34.15.17 for host/lxplus040.cern...@ifh.de [canonicalize,
>renewable, forwardable]
>Jul 10 13:27:36 fred-vm1 kdc[12044]: Search
Hi Jeffrey,
On Mon, 2017-07-10 at 07:23 -0400, Jeffrey Altman wrote:
> On 7/10/2017 4:49 AM, Andreas Haupt wrote:
> > On Fri, 2017-07-07 at 15:01 -0400, Jeffrey Altman wrote:
> > >
> > > On 7/4/2017 3:05 AM, Andreas Haupt wrote:
> > > I would like to see more of the log entries that follow as wel
On 7/10/2017 4:49 AM, Andreas Haupt wrote:
> Hi Jeffrey,
>
> On Fri, 2017-07-07 at 15:01 -0400, Jeffrey Altman wrote:
>> On 7/4/2017 3:05 AM, Andreas Haupt wrote:
>> I would like to see more of the log entries that follow as well as a
>> packet capture. There is not enough detail here to say what
Hi Jeffrey,
On Fri, 2017-07-07 at 15:01 -0400, Jeffrey Altman wrote:
> On 7/4/2017 3:05 AM, Andreas Haupt wrote:
> I would like to see more of the log entries that follow as well as a
> packet capture. There is not enough detail here to say what is going on.
Do you mean a tcpdump capture or some
On 7/4/2017 3:05 AM, Andreas Haupt wrote:
> ... and on the KDC side:
>
> Jul 4 08:33:46 kdc-7.3 kdc[12045]: TGS-REQ @MYREALM from
> IPv4: for krbtgt/CERN.CH@MYREALM [renewable, forwardable]
> Jul 4 08:33:46 kdc-7.3 kdc[12045]: Server not found in database:
> krbtgt/CERN.CH@MYREALM: Success
I
Dear all,
we face a weird cross-realm-related issue after the upgrade to Heimdal 7.3
KDCs. The KDC replies with a wrong answer in case the cross-realm key does
not exist. This happens with a Heimdal 1.2.1 KDC:
[wgs03] ~ % ssh -v -o GSSAPIAuthentication=yes lxplus.cern.ch
[...]
debug1: Next authen
10 matches
Mail list logo