[OpenAFS] Usernames in pts

Mikkel Kruse Johnsen mikkel@linet.dk
Wed, 01 Aug 2007 12:58:46 +0200



Hi All

Well it did work. My token must have expired or something.

Cool, thanks a lot Russ. You're the man.

Is there any plan to make this default in future version 1.6 or
something, when Kerberos 4 is all gone?

/Mikkel


On Wed, 2007-08-01 at 12:42 +0200, Mikkel Kruse Johnsen wrote:

> Hi Russ
> 
> Just patched with attached patch. But it doesn't work.
> 
> Is that the only place? To me it seems that the name is split and it
> checks if the first char is '.' (a dot). It should not split the name.
> 
> /Mikkel
> 
> On Wed, 2007-08-01 at 03:20 -0700, Russ Allbery wrote: 
> 
> > Mikkel Kruse Johnsen <mikkel@linet.dk> writes:
> > 
> > > All of this is checked. If I do the same with a user not containing a
> > > dot "root@CBS.DK" then it works. So it is because there is a dot in my
> > > name.
> > 
> > You're being bitten by the code that tries to convert Kerberos v5
> > principal names to the Kerberos v4 convention used by AFS.
> > 
> >     /* 
> >      * If the first part of the name_string contains a dot, punt since
> >      * then we can't see the difference between the kerberos 5
> >      * principals foo.root and foo/root later in the fileserver.
> >      */
> >     if (strchr(decr_part.cname.name_string.val[0], '.') != NULL)
> >         goto bad_ticket;
> > 
> > (rxkad/ticket5.c).  I'm afraid you might be out of luck, at least with the
> > current version of AFS, unless you patch this code and remove this check
> > in your file servers.
> > 
> 
> Mikkel Kruse Johnsen
> Linet
> Ørholmgade 6 st tv
> 2200 København N
> 
> Tlf: +45 2128 7793
> email: mikkel@linet.dk
> www: http://www.linet.dk

Mikkel Kruse Johnsen
Linet
Ørholmgade 6 st tv
2200 København N

Tlf: +45 2128 7793
email: mikkel@linet.dk
www: http://www.linet.dk
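
Added example (not part of the original thread and not OpenAFS code): a simplified model of the ambiguity described in the comment Russ quotes, showing that foo.root and foo/root flatten to the same v4-style name once the dot check is skipped. The helper names and the allow_dot switch are hypothetical, and the two principals are constructed from the comment's own example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an OpenAFS function: flatten a Kerberos v5
 * principal (given as name components) into a v4-style "name.instance"
 * string. Returns 0 on success, -1 if rejected or truncated. */
int k5_to_k4_name(const char *const *comp, int ncomp, int allow_dot,
                  char *out, size_t outlen)
{
    int n;

    if (ncomp < 1 || ncomp > 2)
        return -1;
    /* Same test as the quoted check: a dot inside the first component
     * cannot be told apart from the name/instance separator. */
    if (!allow_dot && strchr(comp[0], '.') != NULL)
        return -1;
    if (ncomp == 1)
        n = snprintf(out, outlen, "%s", comp[0]);
    else
        n = snprintf(out, outlen, "%s.%s", comp[0], comp[1]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed sample principals from the comment: foo.root and foo/root. */
static const char *const dotted[] = { "foo.root" };
static const char *const slashed[] = { "foo", "root" };

/* Returns 1 if both principals are accepted and flatten to the same
 * v4-style name, 0 otherwise. */
int demo_collides(int allow_dot)
{
    char a[64], b[64];

    if (k5_to_k4_name(dotted, 1, allow_dot, a, sizeof(a)) != 0 ||
        k5_to_k4_name(slashed, 2, allow_dot, b, sizeof(b)) != 0)
        return 0;
    return strcmp(a, b) == 0;
}

int main(void)
{
    printf("check enabled:  collide=%d\n", demo_collides(0));
    printf("check disabled: collide=%d\n", demo_collides(1));
    return 0;
}
```

A site that patches the check out can keep the two identities distinct by making sure no principal of the form name/instance exists in its realm for any dotted user name.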
