[3067] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Kerberos 5.3 Forwarding Tickets With Telnet

daemon@ATHENA.MIT.EDU (Doug Engert)
Mon Apr 4 17:27:49 1994

Date: Mon, 04 Apr 94 13:07:15 CDT
From: "Doug Engert" <DEEngert@anl.gov>
To: <kerberos@MIT.EDU>
Cc: <auth-pilot@es.net>

There appears to be a bug in appl/telnet/libtelnet/kerberos5.c.
When trying to forward credentials, and with the set authdebug
option turned on, kerberos5_forward fails with the Kerberos V5:
could not build server name -... message.

By changing line 630 from:

 if (r = krb5_sname_to_principal(RemoteHostName, "host", 1,

to:

 if (r = krb5_sname_to_principal(RemoteHostName, "host",KRB5_NT_SRV_HST,

ticket forwarding appears to work in the same realm.

Was Kerberos 5 designed to forward credentials across realms?

           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439
           (708) 252-5444

           Internet: DEEngert@anl.gov


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3067] in Kerberos

Kerberos 5.3 Forwarding Tickets With Telnet

daemon@ATHENA.MIT.EDU (Doug Engert)Mon Apr 4 17:27:49 1994

daemon@ATHENA.MIT.EDU (Doug Engert)
Mon Apr 4 17:27:49 1994