buglette in _kadm5_init_any()?

Will Fiveash william.fiveash at sun.com
Mon Apr 19 15:22:32 EDT 2004

In _kadm5_init_any() around line 357 I see:

     if (init_type == INIT_PASS) {
      for (i=0; preauth_search_list[i] >= 0; i++) {
           code = krb5_get_in_tkt_with_password(handle->context,

Where preauth_search_list is defined as:

 * Try no preauthentication first; then try the encrypted timestamp
 * (stolen from krb5 kinit.c)
static int preauth_search_list[] = {

The for loop isn't required AFIK since krb5_get_in_tkt_with_password()
has logic to deal with the case where preauth is required.  As it stands
now the for loop can cause kadmin to needlessly prompt twice for a
password and still fail.

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the krbdev mailing list