Re: "shishi user SERVICE" borked?

[Simon Josefsson]

Elrond <address@hidden> writes:

>> The bug was that Heimdal's ETYPE-INFO messages are corrupt, from
>> dumpasn1:
>
> Note that the above happen(s|ed) with w2k3-kdc too.

If it is clock-related, which I suspect, that may explain why it
happens sometimes and not always.

You were able to pre-authenticate at least once against both heimdal
and w2k3, right?

>> address@hidden:~/src/shishi/lib$ dumpasn1 i
>
> Where do I get dumpasn1?

apt-get install dumpasn1

> And what is "i"?

A file that I manually created with emacs, based on the shishi debug
output.  From the METHOD-DATA asn.1 object I found one entry, for 0x0b
which means 11, which means ETYPE-INFO:

  name:?2  type:SEQUENCE
    name:padata-type  type:INTEGER  value:0x0b
    name:padata-value  type:OCT_STR  
value:3081e43024a003020110a1180416444f50494f2e4a4f53454653534f4e2e4f52476a6173a2030201033024a003020103a1180416444f50494f2e4a4f53454653534f4e2e4f52476a6173a2030201033024a003020102a1180416444f50494f2e4a4f53454653534f4e2e4f52476a6173a2030201033024a003020101a1180416444f50494f2e4a4f53454653534f4e2e4f52476a6173a2030201033024a003020112a1180416444f50494f2e4a4f53454653534f4e2e4f52476a6173a2030201033024a003020117a1180416444f50494f2e4a4f53454653534f4e2e4f52476a6173a203020103

Shishi wasn't able to DER decode the "value" field here (there is now
better error messages for this when you use -v -v -v).

I use M-x hexl-insert-hex-string in emacs, and then save the data in a
file 'i' and run dumpasn1 on it.


> [...]
>>    ETYPE-INFO              ::= SEQUENCE OF ETYPE-INFO-ENTRY
>> 
>>    ETYPE-INFO-ENTRY        ::= SEQUENCE {
>>            etype           [0] Int32,
>>            salt            [1] OCTET STRING OPTIONAL
>>    }
> [...]
>
> I have seen that with ethereal from the w2k3 box... but no
> third entry there, at least I don't remember it.

The problem was probably clock skew then.

/Simon