Ubuntu

krb5-1.8 fails to verify MS PAC Checksum when AES 256 is used

Reported by Dan Searle on 2011-02-23
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
krb5 (Debian)
Fix Released
Unknown
krb5 (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned

Bug Description

Binary package hint: libkrb5-3

libkrb5-3 in Lucid does not work properly when mediating between a Windows 7 client and a 2008R2 KDC after applying MS hotfix KB2425227.

The bug has been reported previously here:
http://mailman.mit.edu/pipermail/krbdev/2010-July/009148.html

And here:
http://<email address hidden>/msg75789.html

However, it's only since the MS hotfix that it has become a problem for us.

Basically, the bug has been fixed in libkrb5-3 version 1.8.3, so all you have to do is update the package.

I'm guessing you're going to get a lot more bug reports on this, trust MS to keep changing the goal posts and making our jobs harder.

Dan Searle (dan-censornet) wrote :

I can confirm that compiling and using the new MIT Kerberos 1.8.3 libs fixes the problem I described.

Sam Hartman (hartmans) on 2011-03-06
Changed in krb5 (Ubuntu):
status: New → In Progress
assignee: nobody → Sam Hartman (hartmans)
Sam Hartman (hartmans) wrote :

This bug is being fixed for Debian; I hope to get into a squeeze update.
Note that Ubuntu probably wants all the other things in the upcoming 1.8.3+dfsg-5 stable Debian update.
However I'm attaching the two patches for this issue.

Sam Hartman (hartmans) wrote :

This bug is being fixed for Debian; I hope to get into a squeeze update.
Note that Ubuntu probably wants all the other things in the upcoming 1.8.3+dfsg-5 stable Debian update.
However I'm attaching the two patches for this issue.

Sam Hartman (hartmans) wrote :
Sam Hartman (hartmans) on 2011-03-06
Changed in krb5 (Ubuntu):
status: In Progress → Fix Committed
assignee: Sam Hartman (hartmans) → nobody
tags: added: patch
Changed in krb5 (Debian):
status: Unknown → Fix Released
Chuck Short (zulcss) wrote :

This should be fixed in oneiric now.

Changed in krb5 (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.