[krbdev.mit.edu #7862] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Feb 11 22:55:59 EST 2014
Fix SAM-2 preauth when password argument is used
sam2_process accesses gak_data to get the password, so that it can do
string-to-key with the etype in the SAM-2 challenge. When #7642
changed gic_pwd.c to use struct gak_password instead of krb5_data,
sam2_process wasn't altered to match. We don't see a problem when the
password is read through the prompter (as with kinit), because the
password winds up in the storage field at the beginning of the
gak_password structure. But when a password is supplied as a
parameter (as with ksu), the storage field is empty and we get the
wrong answer from sam2_process.
https://github.com/krb5/krb5/commit/3bedfe7c3724b0d22c72d1684f1cf76cfb600fdd
Author: Greg Hudson <ghudson at mit.edu>
Commit: 3bedfe7c3724b0d22c72d1684f1cf76cfb600fdd
Branch: master
src/lib/krb5/krb/preauth_sam2.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
More information about the krb5-bugs
mailing list