3.6 Patch (#1 or #2) kaserver breaks SSH
Atro Tossavainen
Atro.Tossavainen@helsinki.fi
Tue, 29 May 2001 10:34:38 +0300 (EET DST)
Hello,
I've just upgraded our servers to 3.6 Patch #2.
This upgrade caused SSH 1.2.27 with Dug Song's patch to fail.
I read on the ssh-afs and info-afs lists earlier that the buffer over-
flow patches to 3.5 Patch #5 were found to be broken (TR-60627).
3.6 Patch #1 kaservers were broken in the same way as 3.5 #5.
A fix for TR-60627 is said to have been included in 3.5 #6, so I figured
3.6 #2 could have been fixed too. Obviously, it's not.
If the SSH client is used with the -v verbose option, the error I get if
the Patch #2 kaserver is running is:
atossava@host's password:
localhost: Remote: WARNING: Kerberos V4 TGT possibly spoofed foratossava:
Retry count exceeded (send_to_kdc)
Permission denied.
With the Patch #1 kaserver running:
atossava@host's password:
localhost: Remote: WARNING: Kerberos V4 TGT possibly spoofed foratossava:
Permission Denied (kerberos)
Permission denied.
With the 3.6 2.0 kaserver, obviously, it works so I've had to downgrade
pending a solution.
With the 2.5 kaserver, the error message is printed instantly. With the
2.14 kaserver, it takes a minute or so for the error message to appear.
--
Atro Tossavainen (Mr.) / The Institute of Biotechnology at
Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
+358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
< URL : http : / / www . iki . fi / atro . tossavainen / >