krb5-1.8 fails to verify MS PAC Checksum when AES 256 is used
Bug #723840 reported by
Dan Searle
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| krb5 (Debian) |
Fix Released
|
Unknown
|
|||
| krb5 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Lucid |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: libkrb5-3
libkrb5-3 in Lucid does not work properly when mediating between a Windows 7 client and a 2008R2 KDC after applying MS hotfix KB2425227.
The bug has been reported previously here:
http://
And here:
http://<email address hidden>
However, it's only since the MS hotfix that it has become a problem for us.
Basically, the bug has been fixed in libkrb5-3 version 1.8.3, so all you have to do is update the package.
I'm guessing you're going to get a lot more bug reports on this, trust MS to keep changing the goal posts and making our jobs harder.
Revision history for this message
| Dan Searle (dan-censornet) wrote | #1 |
| Changed in krb5 (Ubuntu): | |
| status: | New → In Progress |
| assignee: | nobody → Sam Hartman (hartmans) |
Revision history for this message
| Sam Hartman (hartmans) wrote | #2 |
Revision history for this message
| Sam Hartman (hartmans) wrote | #3 |
Revision history for this message
| Sam Hartman (hartmans) wrote | #4 |
| Changed in krb5 (Ubuntu): | |
| status: | In Progress → Fix Committed |
| assignee: | Sam Hartman (hartmans) → nobody |
| tags: | added: patch |
| Changed in krb5 (Debian): | |
| status: | Unknown → Fix Released |
Revision history for this message
| Chuck Short (zulcss) wrote | #5 |
| Changed in krb5 (Ubuntu): | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Rolf Leggewie (r0lf) wrote | #6 |
| Changed in krb5 (Ubuntu Lucid): | |
| status: | New → Won't Fix |
To post a comment you must log in.
I can confirm that compiling and using the new MIT Kerberos 1.8.3 libs fixes the problem I described.