bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] Heimdal Kerberos 5 support for telnet/telnetd


From: atheik
Subject: [PATCH] Heimdal Kerberos 5 support for telnet/telnetd
Date: Fri, 10 Jun 2022 19:27:26 +0300

If anyone here is interested, here's a patch for building telnet/telnetd
against Heimdal Kerberos 5.

You might have to add LIBS='-lcom_err' to your make invocation since the
krb5-config script provided by Heimdal doesn't do it.

You'll also have to do the following configuration changes to Heimdal:
1) Add "allow_weak_crypto = true" to the [libdefaults] section in krb5.conf
2) Run "kadmin -l add_enctype -r host/<hostname>@<realm> des-cbc-crc"

I have tested this patch manually on Linux and everything seem to work.

If anyone reading this knows more about Kerberos 5, it would be nice
to know the answers to the following:

1) For MIT Kerberos, the krb5_data struct has a magic property, which is
here mostly left uninitialized. Passing this struct to a krb5 function that
reads the property would then result in an uninitialized read. Is the magic
property so rarely read that this is no concern?

2) I had an attempt at completing the krb5_c_verify_checksum call, which is
#ifdeffed out by default, which would eventually replace the calls to the
deprecated krb_verify_checksum. In my limited testing it works, but is
there some sort of gotcha since the call was initially left incomplete?

Thanks

Attachment: inetutils-heimdal-support-for-telnet.patch
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]