[krbdev.mit.edu #2540]
The RT System itself via RT
rt-comment at krbdev.mit.edu
Tue Apr 20 22:01:11 EDT 2004
Date: Mon, 19 Apr 2004 15:38:19 -0500 (CDT)
From: William Fiveash <willf at alton.central.sun.com>
Message-Id: <200404192038.i3JKcJJL626696 at alton.central.sun.com>
To: krb5-bugs at mit.edu
>Submitter-Id: net
>Originator: William Fiveash
>Organization:
Sun Microsystems Inc.
>Confidential:
no
>Synopsis:
krb5_get_in_tkt_with_password() called too many times in _kadm5_init_any()
>Severity:
non-critical
>Priority:
low
>Category:
krb5-admin
>Class:
sw-bug
>Release: krb5-1.3.3
>Environment:
System: SunOS alton 5.10 s10_55 sun4u sparc SUNW,Sun-Blade-1000
Architecture: sun4
>Description:
In _kadm5_init_any() around line 357 I see:
    if (init_type == INIT_PASS) {
        for (i=0; preauth_search_list[i] >= 0; i++) {
            code = krb5_get_in_tkt_with_password(handle->context,
Where preauth_search_list is defined as:
    /*
     * Try no preauthentication first; then try the encrypted timestamp
     * (stolen from krb5 kinit.c)
     */
    static int preauth_search_list[] = {
        0,
        KRB5_PADATA_ENC_UNIX_TIME,
        -1
    };
The for loop isn't required AFAIK since krb5_get_in_tkt_with_password()
has logic to deal with the case where preauth is required. As it stands
now the for loop can cause kadmin to needlessly prompt twice for a
password and still fail.
>How-To-Repeat:
If you can get preauth to fail this will cause krb5_get_in_tkt_with_password()
to be called twice.
>Fix:
Remove the "for (i=0; preauth_search_list[i] >= 0; i++) {" loop.
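
Added example, not part of the original report and not MIT krb5 code: a small C model of the behaviour described above, comparing the looped caller with the single call proposed under Fix. All names (model_get_in_tkt, init_with_loop, init_single_call), the error codes, the list values and the retry-on-preauth-failure condition are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model only: hypothetical stand-ins, not the MIT krb5 API or its constants. */
enum { MODEL_OK = 0, MODEL_PREAUTH_FAILED = 1 };
static int prompts;                       /* how often the user was asked */
static int preauth_list[] = { 0, 1, -1 }; /* constructed: 0 = none, 1 = enc. timestamp */

/* Stand-in for krb5_get_in_tkt_with_password() against a KDC that requires
 * preauth: it prompts once and handles "preauth required" internally. */
static int model_get_in_tkt(const char *kdc_pw, int hint, const char *typed)
{
    (void)hint;    /* the internal retry makes the caller's hint irrelevant */
    prompts++;     /* one password prompt per call */
    return strcmp(typed, kdc_pw) == 0 ? MODEL_OK : MODEL_PREAUTH_FAILED;
}

/* Caller shaped like the loop quoted in the report. */
static int init_with_loop(const char *kdc_pw, const char *typed, int *asked)
{
    int i, code = MODEL_PREAUTH_FAILED;
    prompts = 0;
    for (i = 0; preauth_list[i] >= 0; i++) {
        code = model_get_in_tkt(kdc_pw, preauth_list[i], typed);
        if (code != MODEL_PREAUTH_FAILED) /* assumption: retry on preauth failure */
            break;
    }
    *asked = prompts;
    return code;
}

/* Caller with the loop removed, as the report's Fix proposes. */
static int init_single_call(const char *kdc_pw, const char *typed, int *asked)
{
    int code;
    prompts = 0;
    code = model_get_in_tkt(kdc_pw, 0, typed);
    *asked = prompts;
    return code;
}

int main(void)
{
    int a, b;
    int c1 = init_with_loop("s3cret", "wrong", &a), c2 = init_single_call("s3cret", "wrong", &b);
    printf("loop: code=%d prompts=%d\nsingle: code=%d prompts=%d\n", c1, a, c2, b);
    return 0;
}
```

With a wrong password both callers end in the same failure, but the looped one has asked for the password twice.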