Your message dated Mon, 07 Mar 2011 01:47:27 +0000
with message-id <[email protected]>
and subject line Bug#616728: fixed in krb5 1.8.3+dfsg-5
has caused the Debian Bug report #616728,
regarding krb5: fails to verify PAC with non-rc4 checksum
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
616728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: krb5
Version: 1.8.3+dfsg-4
Severity: serious
Justification: justification of maintainer
-- System Information:
Debian Release: squeeze/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'testing'), (101, 'unstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
This bug tracks launchpad 723840 so I can request a stable update.
The Debian squeeze krb5 cannot verify a PAC checksum if AES256 tickets are used.
This means in some fairly common situations, a Debian server cannot be used
with a Windows KDC.
In related news, the pac checksum is incorrectly checked in some
cross-realm cases where it cannot be verified.
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.8.3+dfsg-5
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive:
krb5-admin-server_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/krb5-admin-server_1.8.3+dfsg-5_amd64.deb
krb5-doc_1.8.3+dfsg-5_all.deb
to main/k/krb5/krb5-doc_1.8.3+dfsg-5_all.deb
krb5-kdc-ldap_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/krb5-kdc-ldap_1.8.3+dfsg-5_amd64.deb
krb5-kdc_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/krb5-kdc_1.8.3+dfsg-5_amd64.deb
krb5-multidev_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/krb5-multidev_1.8.3+dfsg-5_amd64.deb
krb5-pkinit_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/krb5-pkinit_1.8.3+dfsg-5_amd64.deb
krb5-user_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/krb5-user_1.8.3+dfsg-5_amd64.deb
krb5_1.8.3+dfsg-5.diff.gz
to main/k/krb5/krb5_1.8.3+dfsg-5.diff.gz
krb5_1.8.3+dfsg-5.dsc
to main/k/krb5/krb5_1.8.3+dfsg-5.dsc
libgssapi-krb5-2_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libgssapi-krb5-2_1.8.3+dfsg-5_amd64.deb
libgssrpc4_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libgssrpc4_1.8.3+dfsg-5_amd64.deb
libk5crypto3_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libk5crypto3_1.8.3+dfsg-5_amd64.deb
libkadm5clnt-mit7_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libkadm5clnt-mit7_1.8.3+dfsg-5_amd64.deb
libkadm5srv-mit7_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libkadm5srv-mit7_1.8.3+dfsg-5_amd64.deb
libkdb5-4_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libkdb5-4_1.8.3+dfsg-5_amd64.deb
libkrb5-3_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libkrb5-3_1.8.3+dfsg-5_amd64.deb
libkrb5-dbg_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libkrb5-dbg_1.8.3+dfsg-5_amd64.deb
libkrb5-dev_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libkrb5-dev_1.8.3+dfsg-5_amd64.deb
libkrb53_1.8.3+dfsg-5_all.deb
to main/k/krb5/libkrb53_1.8.3+dfsg-5_all.deb
libkrb5support0_1.8.3+dfsg-5_amd64.deb
to main/k/krb5/libkrb5support0_1.8.3+dfsg-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 06 Mar 2011 18:08:35 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4
libkrb5support0 libkrb53
Architecture: source all amd64
Version: 1.8.3+dfsg-5
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb53 - transitional package for MIT Kerberos libraries
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 611906 613487 616429 616728
Changes:
krb5 (1.8.3+dfsg-5) unstable; urgency=low
.
* KDC/LDAP DOS (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282,
Closes: #613487
* Fix delegation of credentials against Windows servers; significant
interoperability issue, Closes: #611906
* Set nt-srv-inst on TGS names to work against W2K8R2 KDCs, Closes:
#616429
* Don't fail authentication when PAC verification fails; support hmac-
md5 checksums even for non-RC4 keys, Closes: #616728
Checksums-Sha1:
73b3f1d547c2be3a1af1553c056a0c18f87677ee 1578 krb5_1.8.3+dfsg-5.dsc
eb072eaa311859ea90572bb482bf78b014bb826a 105735 krb5_1.8.3+dfsg-5.diff.gz
63f0475d22edcfd2ffa4050d605eccfe3a8e6e5f 2254996 krb5-doc_1.8.3+dfsg-5_all.deb
223c0a6a0ff07ba08543dd690c3967ca60990c0e 1372972 libkrb53_1.8.3+dfsg-5_all.deb
b013e1551ce5394a10bb14fab5478aeae01d1de3 138718
krb5-user_1.8.3+dfsg-5_amd64.deb
f7192a714cb57e09aa1215ac3178c91159f6da48 218906 krb5-kdc_1.8.3+dfsg-5_amd64.deb
81440704cd1cfecaccdbb1aa05ab4500e3de6ac9 118008
krb5-kdc-ldap_1.8.3+dfsg-5_amd64.deb
bb3fcfac2d0b76298f62e82418d7e6196a608e4f 112948
krb5-admin-server_1.8.3+dfsg-5_amd64.deb
49987467785e3bd61e24d4c7a8eb102c40562aa1 103536
krb5-multidev_1.8.3+dfsg-5_amd64.deb
fc7222b24c750d61d94191418093a9a14aadca9c 37320
libkrb5-dev_1.8.3+dfsg-5_amd64.deb
05f7cd1b8a9c292584e1c75079514f6b276937d6 1628474
libkrb5-dbg_1.8.3+dfsg-5_amd64.deb
816596913a660db4cfb4ec10559724b3e98ff0d4 77906
krb5-pkinit_1.8.3+dfsg-5_amd64.deb
e4f49f840f79504a9482d7638846a0cbf0db0dd4 374648
libkrb5-3_1.8.3+dfsg-5_amd64.deb
ababfed651df6275dac64b6eaba78ee10dde0ef8 130506
libgssapi-krb5-2_1.8.3+dfsg-5_amd64.deb
41f286137ccd223a8272eb3f6f458534b74198e7 84126
libgssrpc4_1.8.3+dfsg-5_amd64.deb
9c7b2fef0d3a70bf9f396c55bf1cc51a183abf63 78356
libkadm5srv-mit7_1.8.3+dfsg-5_amd64.deb
abbf6983f7b4ca095acd490fdd1b83eb90a968d4 64454
libkadm5clnt-mit7_1.8.3+dfsg-5_amd64.deb
61b8c4fa2cb43430433fb38b9646da62f040e417 106264
libk5crypto3_1.8.3+dfsg-5_amd64.deb
0edc6612395c57cbf73f1d63ad5ac5bba4a68b7d 63960 libkdb5-4_1.8.3+dfsg-5_amd64.deb
60ef5f4705e7962e8f75b562575b22b30c79ed94 45876
libkrb5support0_1.8.3+dfsg-5_amd64.deb
Checksums-Sha256:
4e2ba1a4463cd639df9c1aeab9ad5a06e91db25fc1a6598ba0393c89a603a0ae 1578
krb5_1.8.3+dfsg-5.dsc
0472c11cc7342cdbf493d5b9822311f4de7dd713befdfed289c263566abd2649 105735
krb5_1.8.3+dfsg-5.diff.gz
c79a904b09088d528e5d47b82baa9a40786aa4944ec8aca60ffafc8e2e9f93d8 2254996
krb5-doc_1.8.3+dfsg-5_all.deb
9996bea023e74e8c3f2c83f982918bc39788891bf404a9af63d62cd025aff88f 1372972
libkrb53_1.8.3+dfsg-5_all.deb
018d6857bd502c2fc426714bc536c172e1f1c7752a94f2397f0fcfa7fd7c53b7 138718
krb5-user_1.8.3+dfsg-5_amd64.deb
97b2eb69448392f56ae468909f709b7211b5b1bb0dcdc78a2cab222108d70306 218906
krb5-kdc_1.8.3+dfsg-5_amd64.deb
bf046aecf183f54d12cf31fd2864bdcdd30c11dd5b188ded192e805e2cdde9ee 118008
krb5-kdc-ldap_1.8.3+dfsg-5_amd64.deb
833bc9dcfbded4c9a128fbe5705667e9082d572e90b2a31679c0522dde1f0b80 112948
krb5-admin-server_1.8.3+dfsg-5_amd64.deb
4edc431eab671d783d6d9d4cd6a3568e074183b3c41456d90d779797ea11ddc3 103536
krb5-multidev_1.8.3+dfsg-5_amd64.deb
2e2942fc7777736538daf7d264523ce283b0927ae70a6b0c77a3ff9851ab19d5 37320
libkrb5-dev_1.8.3+dfsg-5_amd64.deb
54629c95a406f086a86f1b46841b894fcad69032358148ed1055adca871076f8 1628474
libkrb5-dbg_1.8.3+dfsg-5_amd64.deb
c8a1d4326ed5dd44e0b08f960042b001b866f587900bf260530b45cc57ac9bac 77906
krb5-pkinit_1.8.3+dfsg-5_amd64.deb
50de1b66293053412e0a5f652e96ab624e58bc26d2535f7cf26b1032bd1b9ece 374648
libkrb5-3_1.8.3+dfsg-5_amd64.deb
d92bdea114c1aedffb272438cc7ddf6bc4ac19b694e85da727f7c57ebf783e22 130506
libgssapi-krb5-2_1.8.3+dfsg-5_amd64.deb
d26bacfe39b00597de64c18f9bf5907eaf3c85e1227dd6ee7c4d953b952344ed 84126
libgssrpc4_1.8.3+dfsg-5_amd64.deb
e8a0e349ab57d09517eb699fdc03f7524d05839278738af90803c2374198e33f 78356
libkadm5srv-mit7_1.8.3+dfsg-5_amd64.deb
dd8c2ccf1521197442e1ca1a81872dd60a8b32bc629044151db3a565221bd65a 64454
libkadm5clnt-mit7_1.8.3+dfsg-5_amd64.deb
1fd67c6247612ecc8d96efbb9461b977f068a45d9cdd59e9b3af43b1895e5310 106264
libk5crypto3_1.8.3+dfsg-5_amd64.deb
6a70eded1d8e548fce01bc42bcd7d3ec6ac804b0be5723c604e92a727822fa92 63960
libkdb5-4_1.8.3+dfsg-5_amd64.deb
4c36ebaa9032e8a6175a7838b798da05c3e929c1e2e0ca381a0dd9d6ed002f66 45876
libkrb5support0_1.8.3+dfsg-5_amd64.deb
Files:
9545a8cc86401271103a12f161882a27 1578 net standard krb5_1.8.3+dfsg-5.dsc
476f521d471e619b123ee38949ead275 105735 net standard krb5_1.8.3+dfsg-5.diff.gz
84eb246cb185b46fcb74ba2bb5dfadb3 2254996 doc optional
krb5-doc_1.8.3+dfsg-5_all.deb
9ce65dc0d289c52d0d8dfaa9aae48820 1372972 oldlibs extra
libkrb53_1.8.3+dfsg-5_all.deb
18dcebba689758a6a44208fa906245bf 138718 net optional
krb5-user_1.8.3+dfsg-5_amd64.deb
06f28574d842dbd4e9b6b9d704cd62a8 218906 net optional
krb5-kdc_1.8.3+dfsg-5_amd64.deb
643b2054c4e5b7998cb81b02d579aaab 118008 net extra
krb5-kdc-ldap_1.8.3+dfsg-5_amd64.deb
0f918677adbdd293e4f83bb11821b6a3 112948 net optional
krb5-admin-server_1.8.3+dfsg-5_amd64.deb
3eddfce0b2cece8acce141750342c80b 103536 libdevel optional
krb5-multidev_1.8.3+dfsg-5_amd64.deb
b2f0110022fc644c3f717a0348cc6424 37320 libdevel extra
libkrb5-dev_1.8.3+dfsg-5_amd64.deb
51e90bf1b30a21ed3043a45b2b2dd5cf 1628474 debug extra
libkrb5-dbg_1.8.3+dfsg-5_amd64.deb
61ac7d73bb27d627a5febb13088db416 77906 net extra
krb5-pkinit_1.8.3+dfsg-5_amd64.deb
f1ddb8f9f74ebe13351cc63f0614a2da 374648 libs standard
libkrb5-3_1.8.3+dfsg-5_amd64.deb
8a998ac8eac3a3295e9c876ae0a4e1c7 130506 libs standard
libgssapi-krb5-2_1.8.3+dfsg-5_amd64.deb
3663d1ac3450a0bdebe0710ea03f17de 84126 libs standard
libgssrpc4_1.8.3+dfsg-5_amd64.deb
bd8d1faf19db4256b76deef6371e95db 78356 libs standard
libkadm5srv-mit7_1.8.3+dfsg-5_amd64.deb
0147d2e2574dc47576d1de43403beb5e 64454 libs standard
libkadm5clnt-mit7_1.8.3+dfsg-5_amd64.deb
1dec5d07781d78a61308f173b110bab1 106264 libs standard
libk5crypto3_1.8.3+dfsg-5_amd64.deb
cc41c0c263971656951de4da057f4075 63960 libs standard
libkdb5-4_1.8.3+dfsg-5_amd64.deb
76c91aa6cbb6db9e8d9877154b6aebb8 45876 libs standard
libkrb5support0_1.8.3+dfsg-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk10IUIACgkQ/I12czyGJg9ysgCgwR8xriOvqYVjKy5aGXJalQy/
g20AoOntBj+v9IXZ/jExdPxCEIgcubJx
=bmuv
-----END PGP SIGNATURE-----
--- End Message ---
