svn rev #23640: branches/krb5-1-7/src/lib/krb5/krb/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Jan 11 22:21:35 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23640
Commit By: tlyu
Log Message:
ticket: 6573
version_fixed: 1.7.1
status: resolved
backport r22890 from trunk
------------------------------------------------------------------------
r22890 | ghudson | 2009-10-13 15:43:17 -0400 (Tue, 13 Oct 2009) | 11 lines
ticket: 6573
subject: Fix preauth looping in krb5_get_init_creds
tags: pullup
target_version: 1.7.1
In 1.7, krb5_get_init_creds will continue attempting the same built-in
preauth mechanism (e.g. encrypted timestamp) until the loop counter
maxes out. Until the preauth framework can remember not to retry
built-in mechanisms, only continue with preauth after a PREAUTH_FAILED
error resulting from optimistic preauth.
Changed Files:
U branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c
Modified: branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c 2010-01-12 03:11:49 UTC (rev 23639)
+++ branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c 2010-01-12 03:21:35 UTC (rev 23640)
@@ -1331,8 +1331,7 @@
&out_padata, &retry);
if (ret !=0)
goto cleanup;
- if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED ||err_reply->error == KDC_ERR_PREAUTH_FAILED)
-&& retry) {
+ if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED && retry) {
/* reset the list of preauth types to try */
if (preauth_to_use) {
krb5_free_pa_data(context, preauth_to_use);
More information about the cvs-krb5
mailing list