Bug 125657 - [PATCH] libkrb4 broken on 64 bit architectures
[PATCH] libkrb4 broken on 64 bit architectures
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: krb5 (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
http://www-personal.engin.umich.edu/~...
:
Depends On:
Blocks: 126849
  Show dependency treegraph
 
Reported: 2004-06-09 15:16 EDT by wingc
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-19 15:24:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch for krb5-1.2.7 to fix libkrb4 on 64 bit architectures (715 bytes, patch)
2004-06-09 15:17 EDT, wingc
no flags Details | Diff

  None (edit)
Description wingc 2004-06-09 15:16:08 EDT
Due to the following ifdef in the krb5 source:

-------- krb5-1.2.7/src/include/kerberosIV/des.h --------

#ifndef __alpha
#define KRB4_32	long
#else
#define KRB4_32	int
#endif

---------------------------------------------------------


the Kerberos 4 library included with krb5 does not work on 64 bit
machines (i.e. x86_64).

The following patch, modeled after a similar change in krb5-1.3, fixes
the problem:

http://www-personal.engin.umich.edu/~wingc/patches/krb5-1.2.7-type64.patch



I can confirm that adding this patch to the spec file and rebuilding
the krb5 RPM results in a working libkrb4.so.

This problem naturally has also been fixed in krb5-1.3, but I
understand why it is not feasible to upgrade the krb5 library
midstream for RHEL3. Please consider this patch for inclusion in
future RHEL3 errata.

Version-Release number of selected component (if applicable):
krb5-1.2.7-21

How reproducible:
Always

Steps to Reproduce:
Try to use krb_get_pw_in_tkt() to obtain a Kerberos 4 ticket granting
ticket.


The following test program should work if you have a krb5 server
running with krb4 compatibility, and /etc/krb.conf contains the
appropriate entries for the KDC servers:


/* compile with: cc -I/usr/kerberos/include
 * -I/usr/kerberos/include/kerberosIV -L/usr/kerberos/lib64
 * -ldes425 -lkrb4
 */

#include <stdio.h>
#include <krb.h>

main()
{
int ret;

ret = krb_get_pw_in_tkt("principal", "", "REALM.NAME", "krbtgt",
"REALM.NAME", 255, "password");

if (ret != KSUCCESS) {
  printf("failed: %s\n", krb_get_err_text(ret));
}
}

Actual Results:  The function fails despite providing a correct
password, with an error code of RD_AP_TIME (time skew too large). This
is returned from:

krb5-1.2.7/src/lib/krb4/g_in_tkt.c::krb_parse_in_tkt()

The time variables are declared as KRB4_32, which become 64-bit types
accidentally and break.



Expected Results:  krb_get_pw_in_tkt() works and obtains a Kerberos 4
ticket file.
Comment 1 wingc 2004-06-09 15:17:17 EDT
Created attachment 101008 [details]
patch for krb5-1.2.7 to fix libkrb4 on 64 bit architectures
Comment 2 Nalin Dahyabhai 2004-07-07 14:03:39 EDT
A similar patch was already proposed to upstream and rejected because
it would modify the library ABI on the architectures which it fixes. 
Fixing this in a compatible way is going to be very painful, I think.
Comment 3 William D. Hamblen 2004-08-31 13:26:50 EDT
Is there any progress on this?  Not being able to connect to a krb4
server from 64 bit machines is a problem for us.
Comment 4 RHEL Product and Program Management 2007-10-19 15:24:32 EDT
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.