[krbdev.mit.edu #8862] Documentation__krb5_get_init_creds_password - Get initial credentials using a password.
Fabian Müller via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Thu Jan 9 11:27:15 EST 2020
Thu Jan 09 11:27:15 2020: Request 8862 was acted upon.
Transaction: Ticket created by fabian.mueller at fiz-karlsruhe.de
Queue: krb5
Subject: Documentation__krb5_get_init_creds_password - Get initial credentials using a password.
Owner: Nobody
Requestors: fabian.mueller at fiz-karlsruhe.de
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8862 >
Dear maintainers,
I noticed that when krb5_get_init_creds_password is called using an incorrect password, the error code returned is KRB5KDC_ERR_PREAUTH_FAILED (using release 1.17). This is not among the possible return values mentioned in https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_get_init_creds_password.html.
Due to the necessary external setup, it is a bit hard to provide a minimal working example, but the libkrb5 source itself seems to agree that this is a possible return value (see e.g. https://github.com/krb5/krb5/blob/krb5-1.17-final/src/clients/kinit/kinit.c#L773-L811).
Possibly the list of return values in the documentation is not meant to be exhaustive; in that case the documentation should say so.
Kind regards,
Fabian Müller
------------------------------------------------------------------------------
FIZ Karlsruhe - Leibniz-Institut für Informationsinfrastruktur GmbH.
Sitz der Gesellschaft: Eggenstein-Leopoldshafen, Amtsgericht Mannheim HRB 101892.
Geschäftsführerin: Sabine Brünger-Weilandt.
Vorsitzende des Aufsichtsrats: MinDirig’in Dr. Angelika Willms-Herget.
FIZ Karlsruhe ist zertifiziert mit dem Siegel "audit berufundfamilie".
More information about the krb5-bugs
mailing list