[krbdev.mit.edu #8659] SPAKE client asks for password before checking for second-factor support

Greg Hudson via RT rt-comment at KRBDEV-PROD-APP-1.mit.edu
Fri Mar 30 00:34:45 EDT 2018


spake_prep_questions() and spake_process() both indicate a need for the 
AS key as soon as they receive a challenge from the KDC, before 
checking whether the client can satisfy any of the second factor types 
offered by the KDC.  We should check the second factor offer first.
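
The ordering problem described in the report, as an added example that is not part of the original message and is not krb5 source code. It is a simplified model: the types, function names and factor-type values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model, not krb5 code; factor-type values are constructed. */
enum { SF_NONE = 1, SF_EXAMPLE_OTP = 100 };
typedef enum { ACT_NONE, ACT_ASK_PASSWORD, ACT_SKIP_MECH } action;

struct challenge {
    const int *offered;     /* second-factor types offered by the KDC */
    size_t n_offered;
};

/* True if at least one offered factor type is supported by the client. */
static bool can_satisfy(const struct challenge *ch, const int *sup, size_t n)
{
    for (size_t i = 0; i < ch->n_offered; i++)
        for (size_t j = 0; j < n; j++)
            if (ch->offered[i] == sup[j])
                return true;
    return false;
}

/* Reported behaviour: any challenge triggers the need for the AS key,
 * so the user is prompted even when the exchange cannot succeed. */
static action on_challenge_before(const struct challenge *ch,
                                  const int *sup, size_t n)
{
    (void)sup; (void)n;
    return ch != NULL ? ACT_ASK_PASSWORD : ACT_NONE;
}

/* Requested behaviour: inspect the second-factor offer first and only
 * ask for the password when the client can satisfy one of the types. */
static action on_challenge_after(const struct challenge *ch,
                                 const int *sup, size_t n)
{
    if (ch == NULL)
        return ACT_NONE;
    return can_satisfy(ch, sup, n) ? ACT_ASK_PASSWORD : ACT_SKIP_MECH;
}

int main(void)
{
    const int offer[] = { SF_EXAMPLE_OTP };   /* constructed KDC offer */
    const int sup[] = { SF_NONE };            /* client supports no 2FA */
    struct challenge ch = { offer, 1 };
    printf("before=%d after=%d\n", on_challenge_before(&ch, sup, 1),
           on_challenge_after(&ch, sup, 1));
    return 0;
}
```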


