krb5_get_init_creds_password with empty password and no prompter

Greg Hudson ghudson at MIT.EDU
Mon May 6 12:11:58 EDT 2013

On 05/06/2013 10:50 AM, Stef Walter wrote:
> I've tried to fix this in preauth2.c get_as_key() without success. Any
> tips on a good way to tackle/patch this?

I think the gak_data contract needs to be modified.  Right now gak_data
points to a krb5_data, which either contains the pre-supplied password
or a buffer for the prompter output, and we tell the difference by
testing if password->data[0] != '\0'.  If the pre-supplied password
might be empty, then we need another way to tell the difference,
probably by encapsulating the krb5_data in a structure with a flag.

Once we have a contract which can support empty pre-supplied passwords,
the conditional at line 273 ("if (password && password[0])") also needs
to be adjusted.
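
The contract change proposed in the message above, sketched as an added example that is not part of the original post or of the krb5 source. `struct data_buf` stands in for `krb5_data`, and `struct gak_password`, `gak_password_init`, `old_has_password` and `new_has_password` are hypothetical names.

```c
#include <stdbool.h>
#include <string.h>

#define PW_BUF_SIZE 128 /* constructed size for this example */

/* Stand-in for krb5_data so the example builds without krb5 headers. */
struct data_buf {
    unsigned int length;
    char *data;
};

/* Hypothetical wrapper: a flag, not the buffer contents, says whether a
 * pre-supplied password is present. */
struct gak_password {
    char buf[PW_BUF_SIZE];
    struct data_buf storage;
    bool have_password;
};

/* Test described in the message: the first byte decides. */
bool old_has_password(const struct data_buf *password)
{
    return password->data[0] != '\0';
}

/* Flag-based test: an empty pre-supplied password still counts. */
bool new_has_password(const struct gak_password *gp)
{
    return gp->have_password;
}

/* Store a pre-supplied password (may be ""); NULL means none was supplied
 * and the buffer stays free for prompter output. Returns -1 if too long. */
int gak_password_init(struct gak_password *gp, const char *pw)
{
    size_t len = pw ? strlen(pw) : 0;

    memset(gp, 0, sizeof(*gp));
    gp->storage.data = gp->buf;
    if (pw == NULL)
        return 0;
    if (len >= sizeof(gp->buf))
        return -1;
    memcpy(gp->buf, pw, len);
    gp->storage.length = (unsigned int)len;
    gp->have_password = true;
    return 0;
}
```

With an empty pre-supplied password the first-byte test reports that no password is present, while the flag still reports one.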
