3.6 Patch (#1 or #2) kaserver breaks SSH

Atro Tossavainen Atro.Tossavainen@helsinki.fi
Tue, 29 May 2001 10:34:38 +0300 (EET DST)


Hello,

I've just upgraded our servers to 3.6 Patch #2.

This upgrade caused SSH 1.2.27 with Dug Song's patch to fail.

I read on the ssh-afs and info-afs lists earlier that the buffer overflow
patches to 3.5 Patch #5 were found to be broken (TR-60627).

3.6 Patch #1 kaservers were broken in the same way as 3.5 #5.

A fix for TR-60627 is said to have been included in 3.5 #6, so I figured
3.6 #2 could have been fixed too. Obviously, it's not.

If the SSH client is used with the -v verbose option, the error I get if
the Patch #2 kaserver is running is:

atossava@host's password: 
localhost: Remote: WARNING: Kerberos V4 TGT possibly spoofed foratossava:
Retry count exceeded (send_to_kdc)
Permission denied.

With the Patch #1 kaserver running:

atossava@host's password: 
localhost: Remote: WARNING: Kerberos V4 TGT possibly spoofed foratossava:
Permission Denied (kerberos)
Permission denied.

With the 3.6 2.0 kaserver, obviously, it works so I've had to downgrade
pending a solution.

With the 2.5 kaserver, the error message is printed instantly. With the
2.14 kaserver, it takes a minute or so for the error message to appear.

-- 
Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
<URL:http://www.iki.fi/atro.tossavainen/>