Package: python-kerberos
Version: 1.0-1
Severity: important

kerberos.checkPassword fails to do preauth. Instead of using the KDC
configured in the config, it tries to find _kerberos-master._udp.$REALM
via DNS:

| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de.waldi.eu.org
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response, No such name
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.194
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.194
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc02.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc02.student.uni-tuebingen.de.waldi.eu.org
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response, No such name
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc02.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.195
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc02.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.195
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de.waldi.eu.org
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response, No such name
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.194
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc02.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc02.student.uni-tuebingen.de.waldi.eu.org
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response, No such name
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc02.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.195
| 192.168.202.17 -> 134.2.3.194  KRB5 AS-REQ
|  134.2.3.194 -> 192.168.202.17 KRB5 KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED
| 192.168.202.17 -> 192.168.202.9 DNS Standard query SRV _kerberos-master._udp.STUDENT.UNI-TUEBINGEN.DE

kinit (from Heimdal) does the following:

| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de.waldi.eu.org
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response, No such name
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.194
| 192.168.202.17 -> 134.2.3.194  KRB5 AS-REQ
|  134.2.3.194 -> 192.168.202.17 KRB5 KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response
| 192.168.202.17 -> 192.168.202.9 DNS Standard query AAAA u-stud-dc01.student.uni-tuebingen.de.waldi.eu.org
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response, No such name
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.194
| 192.168.202.17 -> 134.2.3.194  KRB5 AS-REQ
|  134.2.3.194 -> 192.168.202.17 KRB5 KRB Error: KRB5KDC_ERR_PREAUTH_FAILED

Bastian

-- 
Punishment becomes ineffective after a certain point.  Men become insensitive.
                -- Eneg, "Patterns of Force", stardate 2534.7
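
Added example, not part of the original report or of python-kerberos: a small Python classifier for capture summaries like the two above, reporting what the client did after KRB5KDC_ERR_PREAUTH_REQUIRED (a second AS-REQ to the same KDC, as kinit does, or the _kerberos-master SRV lookup seen with checkPassword). The function names, result labels and abridged sample traces are constructed for illustration.

```python
import re

# Constructed samples, abridged from the two captures in the report
# (wrapped lines joined, most DNS lookups dropped).
CHECKPASSWORD_TRACE = """\
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.194
| 192.168.202.17 -> 134.2.3.194  KRB5 AS-REQ
|  134.2.3.194 -> 192.168.202.17 KRB5 KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED
| 192.168.202.17 -> 192.168.202.9 DNS Standard query SRV _kerberos-master._udp.STUDENT.UNI-TUEBINGEN.DE
"""
KINIT_TRACE = """\
| 192.168.202.17 -> 134.2.3.194  KRB5 AS-REQ
|  134.2.3.194 -> 192.168.202.17 KRB5 KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED
| 192.168.202.17 -> 192.168.202.9 DNS Standard query A u-stud-dc01.student.uni-tuebingen.de
| 192.168.202.9 -> 192.168.202.17 DNS Standard query response A 134.2.3.194
| 192.168.202.17 -> 134.2.3.194  KRB5 AS-REQ
|  134.2.3.194 -> 192.168.202.17 KRB5 KRB Error: KRB5KDC_ERR_PREAUTH_FAILED
"""

# One summary line: "| src -> dst PROTO info"
LINE = re.compile(r"^\|\s*(\S+) -> (\S+)\s+(DNS|KRB5)\s+(.*)$")

def parse(trace):
    """Yield (src, dst, proto, info) for every DNS or KRB5 summary line."""
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.groups()

def classify(trace):
    """Return what the client did after the first PREAUTH_REQUIRED error."""
    kdc = None  # address of the KDC that asked for preauthentication
    for src, dst, proto, info in parse(trace):
        if proto == "KRB5" and "KRB5KDC_ERR_PREAUTH_REQUIRED" in info:
            kdc = src
        elif kdc is None:
            continue  # nothing to classify before the error arrives
        elif proto == "KRB5" and info.startswith("AS-REQ"):
            return "retried-same-kdc" if dst == kdc else "retried-other-kdc"
        elif proto == "DNS" and "query SRV _kerberos-master." in info:
            return "master-kdc-srv-lookup"
    return "no-preauth-required-seen" if kdc is None else "no-retry"

if __name__ == "__main__":
    for name, trace in (("checkPassword", CHECKPASSWORD_TRACE), ("kinit", KINIT_TRACE)):
        print(name, "->", classify(trace))
```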


