[OpenAFS] klog.krb creates invalid K4 ticket files on x86_64 Linuxes
Thu, 9 Aug 2007 14:15:24 -0400
If people agree we should revert it (I committed it already)
I'm tempted to leave it "fixed".
On 8/9/07, Russ Allbery <email@example.com> wrote:
> Rainer Toebbicke <firstname.lastname@example.org> writes:
> > AFS defines the "issue-date" in the ticket file alike the token
> > "startTime" to be an afs_int32, whereas krb4 in MIT Kerberos 5 considers
> > it a "long". Problems hence arise on platforms where long != afs_int32 -
> > krb4-aware applications such as cvs fail because of invalid tickets.
> > This is of course an issue only for very conservative installations -
> > replacing klog.krb by Heimdal kinit or a MIT-kinit+aklog+krb524init
> > script is a reasonable bypass.
> > Could something break? KTH Kerberos and hence Heimdal with Krb4 used to
> > consider this field a hard 32 bit as well, Debian sarge users *could*
> > run into problems but AFAIK there is no sarge for amd64 and anyway they
> > would use "kinit" and not klog.krb.
> Yes, different Kerberos v4 libraries just don't agree on the size of this
> field. I'm not sure there's really a "right" file format.
> I would argue that there's some possibility we care more about being
> compatible with KTH Kerberos than with MIT Kerberos v4 compat libraries,
> given that KTH Kerberos shipped with AFS support and may be more likely to
> be in use at AFS installations.
> Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>
> OpenAFS-info mailing list