
Re: Re: sid: kinit showing passwd!



David Maze wrote:

> kinit (from the MIT Kerberos packages, not Heimdal) works as I (and you)
> expect.  Where does your kinit come from?
>
>  which kinit
>  dpkg -S `which kinit`

This is most disturbing. After a check at my home LAN, where it worked,
of course, I followed up on which kinit I was using at work, where I
discovered the problem:

~$ type -all kinit
kinit is /usr/bin/kinit
~$ ls -l /usr/bin/kinit
lrwxrwxrwx    1 root     root           23 Sep 16 14:43 /usr/bin/kinit -> /etc/alternatives/kinit
~$ ls -l /etc/alternatives/kinit
lrwxrwxrwx    1 root     root           27 Sep 16 14:44 /etc/alternatives/kinit -> /usr/lib/j2se/1.4/bin/kinit

!!! On a correctly configured Debian box with krb5-user, the
/usr/bin/kinit is a file, not a link!
And the test you suggested makes one think everything is OK, although it
should normally sort it out:

~$  dpkg -S `which kinit`
krb5-user: /usr/bin/kinit


The problem seems to be caused by the thing I did yesterday.
For the first time ever, I installed an unofficial deb, the j2sdk1.4
compiled with gcc-3.2, downloaded from jrfonseca.dyndns.org/debian.
Found the link on apt-get.org.
I didn't exactly read every line of the install progress, but there were
no flashing signs of it overwriting my krb5-user files, kinit and klist!
Yes, the other file is also exchanged. There may be more, I haven't
checked yet. I'm really upset by this happening silently...

Interesting thing though, the Java stuff worked with Mozilla as I
expected.

Now should I consider the whole machine tainted, or is this only a bug?



As a note:
I use the krb5-xxx official packages at version 1.3, and they normally
work like a charm.
With the "fake" kinit, when I write an incorrect password or none at
all, the output looks like the following:
(obviously incorrect password is here sdklakjfd)

~$ kinit
Password for abel@XXXXXXX.YYY.SE:sdklakjfd
Exception: krb_error 24 Pre-authentication information was invalid (24) - PREAUTH_FAILED Pre-authentication information was invalid
KrbException: Pre-authentication information was invalid (24) - PREAUTH_FAILED
        at sun.security.krb5.KrbAsRep.<init>(DashoA6275:65)
        at sun.security.krb5.KrbAsReq.getReply(DashoA6275:308)
        at sun.security.krb5.KrbAsReq.getReply(DashoA6275:271)
        at sun.security.krb5.internal.tools.Kinit.<init>(DashoA6275:264)
        at sun.security.krb5.internal.tools.Kinit.main(DashoA6275:104)
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.af.a(DashoA6275:129)
        at sun.security.krb5.internal.au.a(DashoA6275:58)
        at sun.security.krb5.internal.au.<init>(DashoA6275:53)
        at sun.security.krb5.KrbAsRep.<init>(DashoA6275:48)
        ... 4 more


If I typed the correct password, I did actually get a TGT; at least the
"fake" klist reported so. Everything was kind of sluggish with these programs.


Cheers,
Anders
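
The check described in this message (a command path that dpkg attributes to one package while a symlink chain hands execution to a file from another) can be scripted. The following is an added example, not part of the original message or of any Debian tool; the function names resolve_chain, real_target and check_cmd are hypothetical.

```shell
#!/bin/sh
# Added example. Usage: check_cmd "$(command -v kinit)"

# Print every hop of a symlink chain, one path per line.
# The last line printed is the file that actually gets executed.
resolve_chain() {
    p=$1
    hops=0
    while [ -L "$p" ]; do
        printf '%s\n' "$p"
        target=$(readlink "$p") || return 1
        case $target in
            /*) p=$target ;;                    # absolute link target
            *)  p=$(dirname "$p")/$target ;;    # relative to the link's directory
        esac
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then
            echo "symlink loop at $p" >&2
            return 1
        fi
    done
    printf '%s\n' "$p"
}

# Final target of the chain only.
real_target() {
    resolve_chain "$1" | tail -n 1
}

# Exit status 0: the path is the real file. Exit status 2: it is redirected.
# When dpkg is available, also ask which package claims the real file,
# since "dpkg -S" on the original path only reports the database entry.
check_cmd() {
    path=$1
    real=$(real_target "$path") || return 1
    if [ "$real" = "$path" ]; then
        echo "OK $path is not a symlink"
        return 0
    fi
    echo "REDIRECTED $path -> $real"
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$real" 2>/dev/null || echo "no package in the dpkg database claims $real"
    fi
    return 2
}
```
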


