torsdag den 9 augusti 2012 klockan 23:14 skrev Simon Josefsson detta: > Mats Erik Andersson <[email protected]> writes: > > > Hello again, > > > > I am not sure whether the following is due to my lack of > > understanding the matter at hand, or wether there is a > > incompleteness on behalf of libshishi. > > > > I have created an administrator > > > > # shisa -a --password LOCALHOST sigge/admin > > > > Then I request a TGT in my administrator role: > > > > $ shishi sigge/admin@LOCALHOST > > > > This fails due to SHISHI_CNAME_MISMATCH. In fact, > > > > AS-REQ: "req-body.cname.name-string" -> { "sigge", "admin" } > > > > is of componen length 2, whereas > > > > AS-REP: "cname.name-string" -> { "sigge/admin" } > > > > is of component length 1. Thus shishi_as_check_cname() fails > > immediately. > > > > Am I incorrect in believing that AS-REP was built from incorrect > > data, since the name string is not split into name proper and > > instance name? > > Yes. The code parsing sigge/admin should probably have splitted that > into two components. Is that a Shishi KDC? It sounds like a bug.
Client and server built from GNU Inetutils development head, so libshishi is incomplete here. A quick search reveals that "lib/encticketpart.c" and "lib/kdc.c" are accessing the ASN.1 descriptor "sname.name-string", so presumably either of these files could be cheating. Regards, Mats _______________________________________________ Help-shishi mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-shishi
