[20227] in Kerberos_V5_Development
Re: [External] Re: kprop across NAT boundaries (patching privsafe)
daemon@ATHENA.MIT.EDU (Jorj Bauer)
Thu Jan 7 17:01:16 2021
From: Jorj Bauer <jorj@temple.edu>
To: "krbdev@mit.edu" <krbdev@mit.edu>, Greg Hudson <ghudson@mit.edu>
Date: Thu, 7 Jan 2021 22:00:45 +0000
Message-ID: <0e47e7c5-6010-40c1-bb69-a1a7d04b0132@Spark>
In-Reply-To: <021295d8-ffea-1e17-80e5-9d696599c0fd@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
That works! Thanks...
— j
On Jan 7, 2021, 2:57 PM -0500, Greg Hudson <ghudson@mit.edu>, wrote:
On 1/7/21 1:35 PM, Jorj Bauer wrote:
It’s failing at the head of recv_database, where it tries to krb5_rd_safe().
It seems that k5_privsafe_check_addrs() checks the message r-address
against the list of local addresses if the auth context doesn't contain
a specific local address. However, the r-address is optional (even if
the receiver's auth context does contain a local address), so we can
just modify kprop not to send it.
Please try this commit:
https://github.com/greghudson/krb5/commit/f1f5b5eed3ef0779225ada6ab4f092b5267f1398
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
