[krbdev.mit.edu #6118] rename principals
The RT System itself via RT
rt-comment at krbdev.mit.edu
Fri Sep 12 12:14:38 EDT 2008
>From krb5-bugs-incoming-bounces at PCH.MIT.EDU Fri Sep 12 12:14:08 2008
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
id m8CGE8o4011379; Fri, 12 Sep 2008 12:14:08 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CGE3uB026775;
Fri, 12 Sep 2008 12:14:03 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CFjpaD020474
for <krb5-bugs-incoming at PCH.mit.edu>; Fri, 12 Sep 2008 11:45:51 -0400
Received: from mit.edu (W92-130-BARRACUDA-1.MIT.EDU [18.7.21.220])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
m8CFjhcU006508
for <krb5-bugs at mit.edu>; Fri, 12 Sep 2008 11:45:43 -0400 (EDT)
Received: from spam.ifs.umich.edu (spam.ifs.umich.edu [141.211.1.36])
(using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mit.edu (Spam Firewall) with ESMTP id D3886B10731
for <krb5-bugs at mit.edu>; Fri, 12 Sep 2008 11:44:52 -0400 (EDT)
Received: from root by spam.ifs.umich.edu with local (Exim 4.69)
(envelope-from <mdw at umich.edu>)
id 1KeApI-0005uU-9f; Fri, 12 Sep 2008 11:44:52 -0400
To: krb5-bugs at mit.edu
Subject: rename principals
From: mdw at umich.edu
X-send-pr-version: 3.99
Message-Id: <E1KeApI-0005uU-9f at spam.ifs.umich.edu>
Date: Fri, 12 Sep 2008 11:44:52 -0400
X-Spam-Score: 4.461
X-Spam-Level: **** (4.461)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Fri, 12 Sep 2008 12:14:01 -0400
Cc: kwc at umich.edu, vpliakas at umich.edu, mdw at umich.edu
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: mdw at umich.edu
Sender: krb5-bugs-incoming-bounces at PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces at PCH.MIT.EDU
>Submitter-Id: net
>Originator: mdw at umich.edu
>Organization:
University of Michigan
>Confidential: no
>Synopsis: rename principals
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: change-request
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
>Description:
In mit k5 kerberos, there is a rename rpc that was
never finished. Here is a patch that adds the
missing pieces. The interesting trick is converting
realm dependent salt to special salt.
>How-To-Repeat:
Run kadmin. Try, just try to rename a principal
while preserving the password that you don't know.
>Fix:
Workaround: require users go through a password reset
process after changing their login.
Compile-time fix, apply the patch in
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-rename.patch
More information about the krb5-bugs
mailing list