Bug 125657 - [PATCH] libkrb4 broken on 64 bit architectures
Summary: [PATCH] libkrb4 broken on 64 bit architectures
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: krb5
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL: http://www-personal.engin.umich.edu/~...
Depends On:
Blocks: 126849
TreeView+ depends on / blocked
Reported: 2004-06-09 19:16 UTC by wingc
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2007-10-19 19:24:32 UTC

Attachments (Terms of Use)
patch for krb5-1.2.7 to fix libkrb4 on 64 bit architectures (715 bytes, patch)
2004-06-09 19:17 UTC, wingc
no flags Details | Diff

Description wingc 2004-06-09 19:16:08 UTC
Due to the following ifdef in the krb5 source:

-------- krb5-1.2.7/src/include/kerberosIV/des.h --------

#ifndef __alpha
#define KRB4_32	long
#define KRB4_32	int


the Kerberos 4 library included with krb5 does not work on 64 bit
machines (i.e. x86_64).

The following patch, modeled after a similar change in krb5-1.3, fixes
the problem:


I can confirm that adding this patch to the spec file and rebuilding
the krb5 RPM results in a working libkrb4.so.

This problem naturally has also been fixed in krb5-1.3, but I
understand why it is not feasible to upgrade the krb5 library
midstream for RHEL3. Please consider this patch for inclusion in
future RHEL3 errata.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Try to use krb_get_pw_in_tkt() to obtain a Kerberos 4 ticket granting

The following test program should work if you have a krb5 server
running with krb4 compatibility, and /etc/krb.conf contains the
appropriate entries for the KDC servers:

/* compile with: cc -I/usr/kerberos/include
 * -I/usr/kerberos/include/kerberosIV -L/usr/kerberos/lib64
 * -ldes425 -lkrb4

#include <stdio.h>
#include <krb.h>

int ret;

ret = krb_get_pw_in_tkt("principal", "", "REALM.NAME", "krbtgt",
"REALM.NAME", 255, "password");

if (ret != KSUCCESS) {
  printf("failed: %s\n", krb_get_err_text(ret));

Actual Results:  The function fails despite providing a correct
password, with an error code of RD_AP_TIME (time skew too large). This
is returned from:


The time variables are declared as KRB4_32, which become 64-bit types
accidentally and break.

Expected Results:  krb_get_pw_in_tkt() works and obtains a Kerberos 4
ticket file.

Comment 1 wingc 2004-06-09 19:17:17 UTC
Created attachment 101008 [details]
patch for krb5-1.2.7 to fix libkrb4 on 64 bit architectures

Comment 2 Nalin Dahyabhai 2004-07-07 18:03:39 UTC
A similar patch was already proposed to upstream and rejected because
it would modify the library ABI on the architectures which it fixes. 
Fixing this in a compatible way is going to be very painful, I think.

Comment 3 William D. Hamblen 2004-08-31 17:26:50 UTC
Is there any progress on this?  Not being able to connect to a krb4
server from 64 bit machines is a problem for us.

Comment 4 RHEL Product and Program Management 2007-10-19 19:24:32 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.