Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

It is not best to swap horses while crossing the river. -- Abraham Lincoln

devel / comp.protocols.kerberos / Re: Debugging why KRB5_KTNAME isn't working

SubjectAuthor
o Re: Debugging why KRB5_KTNAME isn't workingKen Hornstein

1
Re: Debugging why KRB5_KTNAME isn't working

<mailman.18.1643313375.8148.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=207&group=comp.protocols.kerberos#207

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: ken...@cmf.nrl.navy.mil (Ken Hornstein)
Newsgroups: comp.protocols.kerberos
Subject: Re: Debugging why KRB5_KTNAME isn't working
Date: Thu, 27 Jan 2022 14:55:43 -0500
Organization: TNet Consulting
Lines: 15
Message-ID: <mailman.18.1643313375.8148.kerberos@mit.edu>
References: <4f4a71e295df1a7aa4e53475af50164af7cbe86a.camel@interlinx.bc.ca>
<202201271803.20RI3uW0023229@hedwig.cmf.nrl.navy.mil>
<0d9c6ad8baa23118afb18a9ff82e9ff99a85d7cb.camel@interlinx.bc.ca>
<202201271845.20RIjcB2023687@hedwig.cmf.nrl.navy.mil>
<7ab7fa0b1c9ceda2c1af863a00e5b7966924e30e.camel@interlinx.bc.ca>
<202201271955.20RJth3l024507@hedwig.cmf.nrl.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="32305"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: kerberos@mit.edu
To: "Brian J. Murrell" <brian@interlinx.bc.ca>
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=h2WKJXl+eHCVRlCIl1oKrdUUO5s9PcYcTv+BOiHn4z6hxcgVNSGCiial9NdL14uVscuElqgfkPWUpVOCFXl3E3n46fGjFRzW0+lp7YaUPdSl1/X2AXC72hYrYs3wEXi572kREnDWODmLrgM8yCvfgGXkL4ozhir4eiyGtxhlkM21KXrfYuCwrp7pHyTPhHrSMcKj+noc42bSJtzew1i2ei77eG3IuTW7YliODp7MsbsLrenaYiL4qU4URJINrkxiAZHOQRNr92UFWu1dJ1pU+62Vm5qZf/FeR2uZtGOWKL+VQmooB3/QdQ69IMn5RnpaRV8D1jeHgbHKizVB7Ts3EQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=8+r2kLS3HRuCN3J4AT2KhzUp29SmFqtcQazDLyZLcts=;
b=EuuiTHZcps+7OgYExTKzVereG/+AVsJ2j4TDD9moD2GfDSYwDEUfqW1HxKXteQC79obOEvancwhhspjxGbQFVgUEaQzWKtrsdaD1sFj0k1tDmiO9cVGQFpiq1i8BHGTYOZiVN4naSB+5kJkFB+I0F7bgvdAQWfcXAB5xamuqA8s6g8Jwzc4+3m4XGZttQHLDaJYukQLPyIY7CjAM2cJsYZP1qP3Mn55wJn8fAEO/vdzLijhUuFI6RcMwSOl3Q+Hde4nGVyGbbffeQuwnTXMG5qkvg7bnwNmLo4/oVEZVlgNJVUYhRV2exnee9XnzkqQP3gNnONmET9Zm+kEqmT2T4Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=8+r2kLS3HRuCN3J4AT2KhzUp29SmFqtcQazDLyZLcts=;
b=txtm2ShONByZ66ryVNoK7spl3qZjuZP7IIdLYv22vpSIZYv9J9yrKK+FZxgy9B3UDoKunNE1IpzgHKwi9x4XiQ0CcyAmIjJNwF3N5duSaEeQWDRHpCmkSBhjbyJg+GWO4zhoidDMUzRtKorNWKwfDHnAS3LQqcAOj2WlikYywyo=
Authentication-Results: spf=pass (sender IP is 140.32.59.234)
smtp.mailfrom=cmf.nrl.navy.mil; dkim=pass (signature was verified)
header.d=nrl.navy.mil;dmarc=pass action=none header.from=cmf.nrl.navy.mil;
Received-SPF: Pass (protection.outlook.com: domain of cmf.nrl.navy.mil
designates 140.32.59.234 as permitted sender)
receiver=protection.outlook.com; client-ip=140.32.59.234; helo=mfe.dren.mil;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nrl.navy.mil;
h=message-id : from :
to : cc : subject : in-reply-to : references : mime-version : content-type
: date; s=s2.dkim; bh=8+r2kLS3HRuCN3J4AT2KhzUp29SmFqtcQazDLyZLcts=;
b=OQmghpV3ueDcL24OhxF0qhAV9wZGbusDnuDjwvgBmm27nXtAAWBa4+s+zCsVUPYZRowL
B4BVocgSjhSaStQpUi7Fy397iezsdFkyCJivvONz6t3lfuNwOROH04OwNBKF0+ApHsxc
5G5GHykH1pNtoz1QJESptGyoWzMrHZuC3c/0i63NX+ROOc4dTZoJtR2qgXWGUH2CT1PZ
QTj5biElhtXUP4dk5lYe/ROiVTBF8SR5iPNh+z1Q2KyacRChXI87V26T41Zgm4WNZXLo
Ox+TZEF0n0VT0Oa+8wSnVJ3JHqXbOHJ/c1FRGb5V2bUueYUGqrVDKXy+AF6+hoNQi3sF gg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nrl.navy.mil;
h=message-id : from :
to : cc : subject : in-reply-to : references : mime-version : content-type
: date; s=s1.dkim; bh=8+r2kLS3HRuCN3J4AT2KhzUp29SmFqtcQazDLyZLcts=;
b=kxrU66WUhH4jIiKdbeSLo2szUi1zLeUKVuw/dhh8d/o1UV+HP8A0p8uWp0QDTIT+3mJt
J32stmXpNG/5K03ezieUoTrK2E2FnY+VC9EJq9A3/Y5A+nJSMDlUHgtdmfCt1M1u+4E6
XTQD2wss8bPohMOubiWQWffd7WBC7PZuHr4=
In-Reply-To: <7ab7fa0b1c9ceda2c1af863a00e5b7966924e30e.camel@interlinx.bc.ca>
X-Face: "Evs"_GpJ]],xS)b$T2#V&{KfP_i2`TlPrY$Iv9+TQ!6+`~+l)#7I)0xr1>4hfd{#0B4
WIn3jU;bql;{2Uq%zw5bF4?%F&&j8@KaT?#vBGk}u07<+6/`.F-3_GA@6Bq5gN9\+s;_d
gD\SW #]iN_U0 KUmOR.P<|um5yP<ea#^"SJK;C*}fMI;Mv(aiO2z~9n.w?@\>kEpSD@*e`
X-NRLCMF-Spam-Score: () hits=0 User Authenticated
X-NRLCMF-Virus-Scanned: No virus found
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a5f032de-3a40-4811-aa6e-08d9e1cf0a31
X-MS-TrafficTypeDiagnostic: BL0PR01MB4115:EE_
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam-PRVS: <BL0PR01MB4115D28EB57F4D9C473CC547AC219@BL0PR01MB4115.prod.exchangelabs.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7219;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: fVEXOxa938PanJ4qIH8X4APjBiLllZ3C0ZyPsMCzF6RhJqmF4what+0VFp0n/EVkTj8q0xVN+RmpOGULlbxzdBNeVS7jjbWbHt2VWGhJACocIDwY56sRygq20jTDbUXMff5FFzzmcSGAUtt6U3wLzdpWwyrWPC1uCma2d9YGu6AnD1oUr+RJ5LdhDXQ8iYjTQ1fbNKA1RZKqHum6SgQuv3OzJYojMpyWHsoV0j+gFItCRKXXaN8ZZ3gxRTVjdo5vVW+KEk7rMhkYX+OqxtYVDf6qFunf2XAhci47INpKVY8nhYC1mPwf8x/+tAR7iyWNPQMzMHvPnAl47LKUPkOS+poLs0H7hCQxN9QlxwSZ/p8X+Ue1dayuK2mN8UwcmKsbDJofBmMxjGn4obnm+Cv75uz5RBJMfuimowZP4v13Y6jMtgrA3PnKEWq/uiOdBtRxDplmF1Gq7pnBYeHZC+Zl4ClZGSHNGdsqiEjkr80pF8AMgcp54i4B2B84Vnrul/ILG12cEyZSf0bZ72yBKve5PgmZoFyf5JtfPfRIO3Zl7tbhzPFERLtzNrmUSQQ0EXe2+0rsoLhumBsNT1iaP15e2CfmQyhxS+wASyp50CGdQG4MQ2ehZEqIDJAzetOWhU9D
X-Forefront-Antispam-Report: CIP:140.32.59.234; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:mfe.dren.mil; PTR:mfe.dren.mil; CAT:NONE;
SFS:(4636009)(5660300002)(68406010)(1076003)(4744005)(426003)(956004)(8676002)(70586007)(2906002)(508600001)(356005)(26005)(786003)(7596003)(316002)(4326008)(6862004)(336012)(86362001)(7636003);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jan 2022 19:55:59.2799 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a5f032de-3a40-4811-aa6e-08d9e1cf0a31
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT017.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR01MB4115
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <202201271955.20RJth3l024507@hedwig.cmf.nrl.navy.mil>
X-Mailman-Original-References: <4f4a71e295df1a7aa4e53475af50164af7cbe86a.camel@interlinx.bc.ca>
<202201271803.20RI3uW0023229@hedwig.cmf.nrl.navy.mil>
<0d9c6ad8baa23118afb18a9ff82e9ff99a85d7cb.camel@interlinx.bc.ca>
<202201271845.20RIjcB2023687@hedwig.cmf.nrl.navy.mil>
<7ab7fa0b1c9ceda2c1af863a00e5b7966924e30e.camel@interlinx.bc.ca>
 by: Ken Hornstein - Thu, 27 Jan 2022 19:55 UTC

>Yes. That is the "for-purpose" mechanism that I alluded to earlier
>which is why I posited that if smtpd was clearing the environment it
>was doing so in violation of the specific mechanism that was supposed
>to make this all work.

Oh, hm. I might be reading the code wrong, but it looks like the
SASL library (which is what eventually calls the Kerberos library) is
initialized _before_ the environment is reset. So if you're not also
setting those variables in the environment in the "traditional" way then
it might not see them.

(And Jochen's suggestion is also good, I forgot about the SASL config
file).

--Ken

devel / comp.protocols.kerberos / Re: Debugging why KRB5_KTNAME isn't working

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor