[krbdev.mit.edu #6979] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Sat Oct 15 12:56:30 EDT 2011
In the kpasswd server code, don't set a remote address in the auth
context before calling krb5_rd_priv, since the kpasswd protocol is
well-protected against reflection attacks. This allows password
changes to work in cases where a NAT has changed the client IP address
as it is seen by the server.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25356
Commit By: ghudson
Revision: 25356
Changed Files:
U trunk/src/kadmin/server/schpw.c
More information about the krb5-bugs
mailing list