Joshua Acosta
2018-06-18 11:21:28 UTC
Good morning,
We are developing a software authentification based in the software "leash"
downloaded with kerberos for Windows. Our KDC is located in an IBM ZOS.
The problem that we have is when we demand a ticket TGT of a user that is
in "renewal state", the function leash_kinit doesn't inform about this
situacion, that has a return code KRB5KDC_ERR_KEY_EXP, instead of this
value the code returned is KRB5KDC_ERR_PREAUTH_FAILED.
We are "sniffing" the conversation between client and Host IBM and can see
that the error of key expired is fired, but is hiding by the next error:
preauth fail.
How ZOS can't desactivated the preauthentificacion, how can we detect the
renewal situation?.
Thanks in advance,
Josep Maria
krbdev mailing list ***@mit.edu
https://mailman.m
We are developing a software authentification based in the software "leash"
downloaded with kerberos for Windows. Our KDC is located in an IBM ZOS.
The problem that we have is when we demand a ticket TGT of a user that is
in "renewal state", the function leash_kinit doesn't inform about this
situacion, that has a return code KRB5KDC_ERR_KEY_EXP, instead of this
value the code returned is KRB5KDC_ERR_PREAUTH_FAILED.
We are "sniffing" the conversation between client and Host IBM and can see
that the error of key expired is fired, but is hiding by the next error:
preauth fail.
How ZOS can't desactivated the preauthentificacion, how can we detect the
renewal situation?.
Thanks in advance,
Josep Maria
Send krbdev mailing list submissions to
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.mit.edu/mailman/listinfo/krbdev
or, via email, send a message with subject or body 'help' to
You can reach the person managing the list at
When replying, please edit your Subject line so it is more specific
than "Re: Contents of krbdev digest..."
1. Re: MIT Kerberos 1.14 : gssint_get_mechanism_cred crash
(Vipul Mehta)
----------------------------------------------------------------------
Message: 1
Date: Fri, 15 Jun 2018 23:27:54 +0530
Subject: Re: MIT Kerberos 1.14 : gssint_get_mechanism_cred crash
<CAMeQEL-X_0JN2CJ3V=
Content-Type: text/plain; charset="UTF-8"
Thanks Greg. If i have anything more related to mit kerberos i will share.
For now we are also suspecting and investigating possible internal bug in
our code only.
need
handle you are passing is a valid cred handle and was not previously
freed
Regards,
Vipul
------------------------------
_______________________________________________
krbdev mailing list
https://mailman.mit.edu/mailman/listinfo/krbdev
End of krbdev Digest, Vol 186, Issue 4
**************************************
_______________________________________________To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.mit.edu/mailman/listinfo/krbdev
or, via email, send a message with subject or body 'help' to
You can reach the person managing the list at
When replying, please edit your Subject line so it is more specific
than "Re: Contents of krbdev digest..."
1. Re: MIT Kerberos 1.14 : gssint_get_mechanism_cred crash
(Vipul Mehta)
----------------------------------------------------------------------
Message: 1
Date: Fri, 15 Jun 2018 23:27:54 +0530
Subject: Re: MIT Kerberos 1.14 : gssint_get_mechanism_cred crash
<CAMeQEL-X_0JN2CJ3V=
Content-Type: text/plain; charset="UTF-8"
Thanks Greg. If i have anything more related to mit kerberos i will share.
For now we are also suspecting and investigating possible internal bug in
our code only.
We are facing crash in our application while kerberos security context
initialization inside gssint_get_mechanism_cred function.
[...]initialization inside gssint_get_mechanism_cred function.
Looks like memcmp is causing the issue.
&union_cred->mechs_array[i]->length is 9
mech_type->length is 9
mech_type->elements is not NULL
(&union_cred->mechs_array[i])->elements is also not NULL
Is anyone aware of such issue. Any possible fix ? Let me know if you
&union_cred->mechs_array[i]->length is 9
mech_type->length is 9
mech_type->elements is not NULL
(&union_cred->mechs_array[i])->elements is also not NULL
Is anyone aware of such issue. Any possible fix ? Let me know if you
more information.
I am not aware of any such issue. You should double-check that the credhandle you are passing is a valid cred handle and was not previously
(although the usual method of releasing a cred handle should also set the
pointer to NULL, unless you made a copy of the cred handle before
releasingpointer to NULL, unless you made a copy of the cred handle before
it). If there is a memory corruption issue in the application, you might
be able to use valgrind to find it.
--be able to use valgrind to find it.
Regards,
Vipul
------------------------------
_______________________________________________
krbdev mailing list
https://mailman.mit.edu/mailman/listinfo/krbdev
End of krbdev Digest, Vol 186, Issue 4
**************************************
krbdev mailing list ***@mit.edu
https://mailman.m