Mats Erik Andersson <g...@gisladisker.se> writes:
> Hello again,
>
> I am not sure whether the following is due to my lack of
> understanding the matter at hand, or wether there is a
> incompleteness on behalf of libshishi.
>
> I have created an administrator
>
> # shisa -a --password LOCALHOST sigge/admin
>
> Then I request a TGT in my administrator role:
>
> $ shishi sigge/admin@LOCALHOST
>
> This fails due to SHISHI_CNAME_MISMATCH. In fact,
>
> AS-REQ: "req-body.cname.name-string" -> { "sigge", "admin" }
>
> is of componen length 2, whereas
>
> AS-REP: "cname.name-string" -> { "sigge/admin" }
>
> is of component length 1. Thus shishi_as_check_cname() fails
> immediately.
>
> Am I incorrect in believing that AS-REP was built from incorrect
> data, since the name string is not split into name proper and
> instance name?
Yes. The code parsing sigge/admin should probably have splitted that
into two components. Is that a Shishi KDC? It sounds like a bug.
/Simon
_______________________________________________
Help-shishi mailing list
Help-shishi@gnu.org
https://lists.gnu.org/mailman/listinfo/help-shishi
