[krbdev.mit.edu #9169] git commit
Greg Hudson via RT
rt at krbdev.mit.edu
Tue Apr 8 17:29:04 EDT 2025
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9169 >
Only handle IAKERB errors in initiator step

iakerb_initiator_step() must pass through most KRB-ERROR messages in
order to properly handle recoverable AS and TGS errors such as
KDC_ERR_PREAUTH_REQUIRED. Only stop on IAKERB errors.

[ghudson at mit.edu: changed code to check for com_err codes instead of
protocol codes; changed iakerb_acceptor_realm() to respond with an
IAKERB error when realm determination fails and modified test case
accordingly; added a test case by requiring preauth on the user
principal when testing IAKERB; rewrote commit message]
https://github.com/krb5/krb5/commit/e2e5f386ccf2bea1fa55ce544f43098ae2b38f89
Author: Andreas Schneider <asn at cryptomilk.org>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: e2e5f386ccf2bea1fa55ce544f43098ae2b38f89
Branch: master
src/lib/gssapi/krb5/iakerb.c | 14 +++++++++++---
src/tests/gssapi/t_gssapi.py | 3 ++-
2 files changed, 13 insertions(+), 4 deletions(-)