Mats Erik Andersson <g...@gisladisker.se> writes:

> On Wednesday, 15 August 2012 at 13:06, Mats Erik Andersson wrote:
>> On Thursday, 9 August 2012 at 23:14, Simon Josefsson wrote:
>> > Mats Erik Andersson <g...@gisladisker.se> writes:
>> > 
>> > > Am I incorrect in believing that AS-REP was built from incorrect
>> > > data, since the name string is not split into name proper and
>> > > instance name?
>> > 
>> > Yes.  The code parsing sigge/admin should probably have split that
>> > into two components.  Is that a Shishi KDC?  It sounds like a bug.
>> 
>> Client and server built from GNU Inetutils development head,
>> so libshishi is incomplete here. A quick search reveals that
>> "lib/encticketpart.c" and "lib/kdc.c" are accessing the ASN.1
>> descriptor "sname.name-string", so presumably either of these
>> files could be cheating.
>
> The following crude patch allows the exchange to proceed further.

Thanks for tracking it down.  I solved it somewhat differently on git
master.  I also added a regression test for this problem, as it was a
real bug.

> Now the procedure gets as far as halting on failed HMAC verification.
> More investigation is needed.

The principal names are usually part of the salting, that's why those
things can fail.  Retry with my patch, and if that doesn't work, try to
debug it further.

Thanks,
/Simon

_______________________________________________
Help-shishi mailing list
Help-shishi@gnu.org
https://lists.gnu.org/mailman/listinfo/help-shishi
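
An added illustration, not part of the thread and not Shishi code: under RFC 4120 the default salt is the realm followed by the name components with no separators, so a name kept as the single component "sigge/admin" salts differently from the split pair "sigge", "admin". The realm and password below are constructed, the function names are hypothetical, and only the PBKDF2 stage of the RFC 3962 string-to-key is computed.

```python
import hashlib

def split_principal(name):
    """Split 'comp/comp@REALM' into (components, realm); '\\' escapes '/' and '@'."""
    comps, cur, realm, i = [], [], None, 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            cur.append(name[i + 1])   # escaped character is taken literally
            i += 2
            continue
        if ch == "@":                 # first unescaped '@' starts the realm
            realm = name[i + 1:]
            break
        if ch == "/":                 # unescaped '/' ends a component
            comps.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    comps.append("".join(cur))
    return comps, realm

def default_salt(realm, comps):
    """RFC 4120 default salt: realm, then the name components, no separators."""
    return (realm + "".join(comps)).encode()

def pbkdf2_step(password, salt, iterations=4096):
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key (final DK step omitted)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, 32)

def compare(principal, password):
    """Return salts and intermediate keys for the split and the unsplit name."""
    comps, realm = split_principal(principal)
    unsplit = ["/".join(comps)]       # whole name kept as a single component
    salts = default_salt(realm, comps), default_salt(realm, unsplit)
    return salts, tuple(pbkdf2_step(password, s) for s in salts)

if __name__ == "__main__":
    # Constructed sample: realm and password are made up; the name is from the thread.
    salts, keys = compare("sigge/admin@EXAMPLE.ORG", "constructed-password")
    for label, s, k in zip(("split", "unsplit"), salts, keys):
        print(f"{label:8} salt={s!r} key={k.hex()[:16]}...")
    print("keys match:", keys[0] == keys[1])
```

Two peers that disagree on how the name is split derive different keys from the same password, so any keyed checksum computed with one key fails to verify under the other.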
