[krbdev.mit.edu #2296] CVS Commit
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Fri Feb 27 00:24:43 EST 2004
As discussed on the krbdev mailing list, krb5_get_init_creds_password()
suffered from a behavior in which it would unintentionally query a master
KDC twice if in fact the KDC queried when krb5int_sendto() was called
with use_master = 0 was in fact the master. This resulted in more than
an additional protocol operation. There were two negative side effects.
First, in the case of an incorrect password there would be two counts
against the max retry attempts. Second, in the case of hardware pre-auth
and an expired password, the user would be asked to enter their expired
password twice before being told it was expired.
This has been fixed by changing the use_master parameter into an in/out
parameter and modifying krb5int_sendto() to indicate which KDC it received
the response from. This allows the use_master parameter to be set to
indicate whether or not the response came from a master KDC regardless
of whether a master KDC was requested.
To generate a diff of this commit:
cvs diff -r1.403 -r1.404 krb5/src/include/ChangeLog
cvs diff -r1.157 -r1.158 krb5/src/include/k5-int.h
cvs diff -r1.196 -r1.197 krb5/src/lib/krb4/ChangeLog
cvs diff -r1.15 -r1.16 krb5/src/lib/krb4/send_to_kdc.c
cvs diff -r5.430 -r5.431 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.109 -r5.110 krb5/src/lib/krb5/krb/get_in_tkt.c
cvs diff -r5.14 -r5.15 krb5/src/lib/krb5/krb/gic_keytab.c
cvs diff -r5.25 -r5.26 krb5/src/lib/krb5/krb/gic_pwd.c
cvs diff -r5.55 -r5.56 krb5/src/lib/krb5/krb/send_tgs.c
cvs diff -r5.375 -r5.376 krb5/src/lib/krb5/os/ChangeLog
cvs diff -r5.2 -r5.3 krb5/src/lib/krb5/os/send524.c
cvs diff -r5.66 -r5.67 krb5/src/lib/krb5/os/sendto_kdc.c
More information about the krb5-bugs
mailing list