Discussion of krb5_get_init_creds_password() behavior was Re:problem with the kinit_prompter in kfw 2.5
john at iastate.edu
Thu Feb 19 18:18:36 EST 2004
> So, I'm confused. I agree there is a problem if you enter in a null
> password and in that case you will get double prompted.
> In all other cases I fail to see the problem. Note that you have to
> explicitly declare your list of master KDCs. By default in 1.3.x, no
> KDCs are masters and no second attempt is made.
And that was the problem Beata Pruski mentioned.
If no master kdcs are defined, and a user has an
expired password, then
the 1st call returns KRB5_EXPIRED_PASSWORD (or whatever it is), then
the 2nd call fails with that oddly named REALM error,
and *that* gets returned
and so the prompter never prompts for a new password.
More information about the krbdev