[krbdev.mit.edu #7877] Interleaved init_creds operations use same per-request preauth context
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Mar 13 15:56:44 EDT 2014
In preauth2.c, krb5_preauth_context_st mixes context-global preauth data
with per-request data. The "tried" field of krb5_preauth_context_st and
the "req" field of clpreauth_handle are per-request, while the "vt" and
"data" fields of clpreauth_handle are context-global.
Alll of this information is managed out of krb5_context, not
krb5_init_creds_context. So if a caller interleaves
krb5_init_creds_init/krb5_init_creds_step for different
krb5_init_creds_context objects with the same krb5_context object, both
operations will use the same per-request preauth data, likely causing one
or both operations to fail.
The per-request information should be separated out and managed out of
krb5_init_creds_context.
More information about the krb5-bugs
mailing list