question about krb5_verify_authenticator_checksum - Kerberos

This is a discussion on question about krb5_verify_authenticator_checksum - Kerberos ; Can somebody explain the what is going on with "if(authenticator->cksum == NULL) return -17;" (see below). I am getting this wierd error -17 out of NetBSD's telnetd when trying to connect with Hummingbird's telnet client. Is an authenticator checksum optional? ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: question about krb5_verify_authenticator_checksum

  1. question about krb5_verify_authenticator_checksum


    Can somebody explain the what is going on with
    "if(authenticator->cksum == NULL) return -17;"
    (see below). I am getting this wierd error -17 out
    of NetBSD's telnetd when trying to connect with
    Hummingbird's telnet client. Is an authenticator
    checksum optional? Or is it truly an error?

    Thannks,
    John


    krb5_error_code krb5_verify_authenticator_checksum(krb5_context context,
    krb5_auth_context ac,
    void *data,
    size_t len)
    {
    krb5_error_code ret;
    krb5_keyblock *key;
    krb5_authenticator authenticator;
    krb5_crypto crypto;

    ret = krb5_auth_con_getauthenticator (context,
    ac,
    &authenticator);
    if(ret)
    return ret;
    if(authenticator->cksum == NULL)
    return -17;

    ...(more)...
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: question about krb5_verify_authenticator_checksum

    John Hascall wrote:
    > Can somebody explain the what is going on with
    > "if(authenticator->cksum == NULL) return -17;"
    > (see below). I am getting this wierd error -17 out
    > of NetBSD's telnetd when trying to connect with
    > Hummingbird's telnet client. Is an authenticator
    > checksum optional? Or is it truly an error?
    >
    > Thannks,
    > John


    Specifying a checksum is a required part of the
    TELNET AUTH KRB5 option. If the Telnet client is
    not specifying one it is a protocol error at that
    layer.

    What the krb5_verify_authenticator_checksum() function
    does is verify that the checkum in the authenticator
    matches the checksum of the data you are passing into
    the function as 'data' and 'len'. If the authenticator
    checksum doesn't exist you can't compare it to the input
    to verify and therefore it is an error.

    Jeffrey Altman

+ Reply to Thread