[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Tickets with instance names.
From: |
Mats Erik Andersson |
Subject: |
Re: Tickets with instance names. |
Date: |
Wed, 15 Aug 2012 13:06:40 +0200 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
torsdag den 9 augusti 2012 klockan 23:14 skrev Simon Josefsson detta:
> Mats Erik Andersson <address@hidden> writes:
>
> > Hello again,
> >
> > I am not sure whether the following is due to my lack of
> > understanding the matter at hand, or wether there is a
> > incompleteness on behalf of libshishi.
> >
> > I have created an administrator
> >
> > # shisa -a --password LOCALHOST sigge/admin
> >
> > Then I request a TGT in my administrator role:
> >
> > $ shishi sigge/address@hidden
> >
> > This fails due to SHISHI_CNAME_MISMATCH. In fact,
> >
> > AS-REQ: "req-body.cname.name-string" -> { "sigge", "admin" }
> >
> > is of componen length 2, whereas
> >
> > AS-REP: "cname.name-string" -> { "sigge/admin" }
> >
> > is of component length 1. Thus shishi_as_check_cname() fails
> > immediately.
> >
> > Am I incorrect in believing that AS-REP was built from incorrect
> > data, since the name string is not split into name proper and
> > instance name?
>
> Yes. The code parsing sigge/admin should probably have splitted that
> into two components. Is that a Shishi KDC? It sounds like a bug.
Client and server built from GNU Inetutils development head,
so libshishi is incomplete here. A quick search reveals that
"lib/encticketpart.c" and "lib/kdc.c" are accessing the ASN.1
descriptor "sname.name-string", so presumably either of these
files could be cheating.
Regards,
Mats
- Tickets with instance names., Mats Erik Andersson, 2012/08/09
- Re: Tickets with instance names., Simon Josefsson, 2012/08/09
- Re: Tickets with instance names.,
Mats Erik Andersson <=
- Re: Tickets with instance names., Mats Erik Andersson, 2012/08/15
- Re: Tickets with instance names., Simon Josefsson, 2012/08/15
- Re: Tickets with instance names., Simon Josefsson, 2012/08/15
- Re: Tickets with instance names., Mats Erik Andersson, 2012/08/15
- Re: Tickets with instance names., Simon Josefsson, 2012/08/16