buglette in _kadm5_init_any()?
Will Fiveash
william.fiveash at sun.com
Mon Apr 19 15:22:32 EDT 2004
In _kadm5_init_any() around line 357 I see:
if (init_type == INIT_PASS) {
for (i=0; preauth_search_list[i] >= 0; i++) {
code = krb5_get_in_tkt_with_password(handle->context,
Where preauth_search_list is defined as:
/*
* Try no preauthentication first; then try the encrypted timestamp
* (stolen from krb5 kinit.c)
*/
static int preauth_search_list[] = {
0,
KRB5_PADATA_ENC_UNIX_TIME,
-1
};
The for loop isn't required AFIK since krb5_get_in_tkt_with_password()
has logic to deal with the case where preauth is required. As it stands
now the for loop can cause kadmin to needlessly prompt twice for a
password and still fail.
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the krbdev
mailing list