[krbdev.mit.edu #9037] git commit
Greg Hudson via RT
rt at krbdev.mit.edu
Thu Mar 17 14:48:36 EDT 2022
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 >
Try harder to avoid password change replay errors

Commit d7b3018d338fc9c989c3fa17505870f23c3759a8 (ticket 7905) changed
change_set_password() to prefer TCP. However, because UDP_LAST falls
back to UDP after one second, we can still get a replay error due to a
dropped packet, before the TCP layer has a chance to retry.

Instead, try k5_sendto() with NO_UDP, and only fall back to UDP after
TCP fails completely without reaching a server. In sendto_kdc.c,
implement an ONLY_UDP transport strategy to allow the UDP fallback.
https://github.com/krb5/krb5/commit/6297788e24cefa8f3fdd36f514e2e6569fa7b34a
Author: Greg Hudson <ghudson at mit.edu>
Commit: 6297788e24cefa8f3fdd36f514e2e6569fa7b34a
Branch: master
src/lib/krb5/os/changepw.c | 9 ++++++++-
src/lib/krb5/os/os-proto.h | 1 +
src/lib/krb5/os/sendto_kdc.c | 12 ++++++++----
3 files changed, 17 insertions(+), 5 deletions(-)
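
The failure mode and the new ordering described in the commit message, as an added toy simulation in C (not code from the krb5 commit). It assumes the dropped packet is the server's TCP reply and that the client acts on the first answer it receives; `server_handle`, `change_password`, the `net` struct and all timings are hypothetical, and only the strategy names and the one-second fallback come from the message.

```c
#include <stdio.h>

/* Toy model, not krb5 code. Strategy names follow the commit message. */
enum strategy { UDP_LAST, NO_UDP_THEN_ONLY_UDP };
enum outcome { CHANGED, REPLAY_ERROR };
#define UDP_FALLBACK_MS 1000  /* UDP_LAST falls back to UDP after one second */

struct net {                  /* constructed network conditions */
    int tcp_reaches_server;   /* 0: TCP fails without reaching a server */
    int tcp_reply_ms;         /* when the TCP reply arrives, retransmits included */
    int udp_rtt_ms;           /* UDP round trip */
};

struct server { int seen[4]; int nseen; };  /* tiny replay cache */

/* The first copy of a request changes the password; later copies are replays. */
static enum outcome server_handle(struct server *s, int req_id)
{
    for (int i = 0; i < s->nseen; i++)
        if (s->seen[i] == req_id)
            return REPLAY_ERROR;
    s->seen[s->nseen++] = req_id;
    return CHANGED;
}

/* Returns the first answer the client sees for one password change request. */
enum outcome change_password(enum strategy st, const struct net *n)
{
    struct server srv = { {0}, 0 };
    const int req = 42;                          /* constructed request id */
    if (!n->tcp_reaches_server)                  /* no copy was processed, so a */
        return server_handle(&srv, req);         /* UDP send is the first copy */
    enum outcome tcp = server_handle(&srv, req); /* server processes the TCP copy */
    if (st == UDP_LAST && n->tcp_reply_ms > UDP_FALLBACK_MS) {
        enum outcome udp = server_handle(&srv, req); /* same request resent over UDP */
        if (UDP_FALLBACK_MS + n->udp_rtt_ms < n->tcp_reply_ms)
            return udp;                          /* replay error beats the TCP reply */
    }
    return tcp;                                  /* the TCP answer is what the client sees */
}

int main(void)
{
    struct net lossy = { 1, 3000, 20 };          /* TCP reply dropped, retransmitted late */
    printf("UDP_LAST: %s\n", change_password(UDP_LAST, &lossy) == REPLAY_ERROR ? "replay error" : "changed");
    printf("NO_UDP then ONLY_UDP: %s\n", change_password(NO_UDP_THEN_ONLY_UDP, &lossy) == CHANGED ? "changed" : "replay error");
    return 0;
}
```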