Discussion of krb5_get_init_creds_password() behavior was Re:problem with the kinit_prompter in kfw 2.5

John Hascall john at iastate.edu
Thu Feb 19 18:18:36 EST 2004

> So, I'm confused.  I agree there is a problem if you enter in a null
> password and in that case you will get double prompted.

> In all other cases I fail to see the problem.  Note that you have to
> explicitly declare your list of master KDCs.  By default in 1.3.x, no
> KDCs are masters and no second attempt is made.

And that was the problem Beata Pruski mentioned.
If no master kdcs are defined, and a user has an
expired password, then

   the 1st call returns KRB5_EXPIRED_PASSWORD (or whatever it is), then

   the 2nd call fails with that oddly named REALM error,
    and *that* gets returned

and so the prompter never prompts for a new password.


More information about the krbdev mailing list