[krbdev.mit.edu #8152] gss_acquire_cred_with_password() ignores expired creds
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Thu Mar 19 17:13:16 EDT 2015
>>>>> "Greg" == Greg Hudson via RT <rt-comment at krbdev.mit.edu> writes:
Greg> Simo points out that it's possible to write password-verifying
Greg> code using gss_acquire_cred_with_password() and
Greg> gss_init/accept_sec_context to a locally controlled service,
Greg> and the current semantics of gss_acquire_cred_with_password()
Greg> are completely broken for that.
How does this break?
I think Luke has in fact written such a PAM module and it worked OK the
last time I checked.