[20226] in Kerberos_V5_Development
Re: [External] Re: kprop across NAT boundaries (patching privsafe)
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jan 7 14:57:51 2021
To: Jorj Bauer <jorj@temple.edu>, "krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <021295d8-ffea-1e17-80e5-9d696599c0fd@mit.edu>
Date: Thu, 7 Jan 2021 14:57:09 -0500
MIME-Version: 1.0
In-Reply-To: <e0d42526-d150-4de2-b10b-2e49721105c2@Spark>
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 1/7/21 1:35 PM, Jorj Bauer wrote:
> It’s failing at the head of recv_database, where it tries to krb5_rd_safe().
It seems that k5_privsafe_check_addrs() checks the message r-address
against the list of local addresses if the auth context doesn't contain
a specific local address. However, the r-address is optional (even if
the receiver's auth context does contain a local address), so we can
just modify kprop not to send it.
Please try this commit:
https://github.com/greghudson/krb5/commit/f1f5b5eed3ef0779225ada6ab4f092b5267f1398
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
