RT/krbdev.mit.edu: Ticket #2296 Modify krb5_get_init_creds_password() to prevent duplicate queries to master KDC

RT/krbdev.mit.edu: Ticket #2296 Modify krb5_get_init_creds_password() to prevent duplicate queries to master KDC

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
2296

Status
resolved

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	krb5-libs
Version_reported	1.3.2
Version_Fixed	1.4
Target_Version	1.4
Tags

Relationships

Depends on:

Depended on by:

2424: (epeisach) krb5_sendto_kdc passing improper argument to krb5_locate_kdc [resolved]

Parents:

Children:

Refers to:

Referred to by:

2370: (kenh) Fix missing case for get_init_creds API change. [resolved]

Dates

Created:	Fri Feb 27 00:24:42 2004
Starts:	Not set
Started:	Fri Feb 27 00:24:44 2004
Last Contact:	Fri Feb 27 19:35:06 2004
Due:	Not set
Updated:	Mon Nov 15 22:22:05 2004 by tlyu

People

Owner
jaltman
Requestors
jaltman@mit.edu
Cc

AdminCc

More about Jeffrey Altman

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

1527: krb5_rd_safe_basic() throws exception when sender_addr is NULL (new)
1809: Krb5 Telnet[d] improperly truncates 3DES keys to DES key (new)
2137: krb5_cc_get_principal prevents implementation of auto kinit dialogs in KfM/KfW (new)
2145: gss_release_buffer() too easily deallocates memory it should not (new)
2147: Debug output hooks need to be added to support Windows Help Desk (open)
2253: W2K+3 vs MIT RC4-HMAC based cross-realm trusts (open)
2536: Krb5 Admin Guide fails to document krb524 (new)
2547: Add support for kpasswd/TCP to kadmind (open)
2596: src/krb524/README out of date (new)
2602: Don't reject renewable of non-renewable tickets (new)
2636: replace all calls to getenv()/setenv() with Get/SetEnvironmentVariable on Windows (open)
2640: krb5_cc_default() blocks for two minutes when MSLSA and Logon Server Unavailable (open)
2736: recode krb5_get_credentials to work without a ccache (new)
3112: telnet does not build on Fedora Core 4 (new)
4157: Windows README is out of date (new)
4325: src/include/krb5_err.h needs to be updated to match RFC4120 (new)
4328: Implement new krb5_get_credentials option: KRB5_GC_REPLACE (open)
4740: cccursor backend for MSLSA (new)
5501: Vista UAC impact on Windows Installer requires modifications to admin privilege test (open)
5536: Build Script Fails to build KFW (open)
5543: Build Scripts fail to package with "beta" version (new)
5714: Build Script - Update for 64-bit Windows build (open)
5718: NIM: BUG: APP: Configuration Identity Panel Apply Button (open)
5720: NIM: BUG: APP: Create command-line request queue (open)
5721: NIM: BUG: KRB5: Identity validation can succeed without prompts (open)

History

Display mode: [Brief headers] [Full headers]

Fri Feb 27 00:24:42 2004	jaltman - Ticket created
From: jaltman@mit.edu Subject: CVS Commit As discussed on the krbdev mailing list, krb5_get_init_creds_password() suffered from a behavior in which it would unintentionally query a master KDC twice if in fact the KDC queried when krb5int_sendto() was called with use_master = 0 was in fact the master. This resulted in more than an additional protocol operation. There were two negative side effects. First, in the case of an incorrect password there would be two counts against the max retry attempts. Second, in the case of hardware pre-auth and an expired password, the user would be asked to enter their expired password twice before being told it was expired. This has been fixed by changing the use_master parameter into an in/out parameter and modifying krb5int_sendto() to indicate which KDC it received the response from. This allows the use_master parameter to be set to indicate whether or not the response came from a master KDC regardless of whether a master KDC was requested. To generate a diff of this commit: cvs diff -r1.403 -r1.404 krb5/src/include/ChangeLog cvs diff -r1.157 -r1.158 krb5/src/include/k5-int.h cvs diff -r1.196 -r1.197 krb5/src/lib/krb4/ChangeLog cvs diff -r1.15 -r1.16 krb5/src/lib/krb4/send_to_kdc.c cvs diff -r5.430 -r5.431 krb5/src/lib/krb5/krb/ChangeLog cvs diff -r5.109 -r5.110 krb5/src/lib/krb5/krb/get_in_tkt.c cvs diff -r5.14 -r5.15 krb5/src/lib/krb5/krb/gic_keytab.c cvs diff -r5.25 -r5.26 krb5/src/lib/krb5/krb/gic_pwd.c cvs diff -r5.55 -r5.56 krb5/src/lib/krb5/krb/send_tgs.c cvs diff -r5.375 -r5.376 krb5/src/lib/krb5/os/ChangeLog cvs diff -r5.2 -r5.3 krb5/src/lib/krb5/os/send524.c cvs diff -r5.66 -r5.67 krb5/src/lib/krb5/os/sendto_kdc.c		Download (untitled) 1.6k
Fri Feb 27 00:24:44 2004	jaltman - Tags pullup added
Fri Feb 27 00:24:44 2004	jaltman - Status changed from new to resolved
Fri Feb 27 00:24:45 2004	jaltman - Target_Version next added
Fri Feb 27 00:24:45 2004	jaltman - Requestor jaltman@mit.edu added
Fri Feb 27 00:26:39 2004	jaltman - Subject changed from [no subject] to Modify krb5_get_init_creds_password() to prevent duplicate queries to master KDC
Fri Feb 27 00:26:40 2004	jaltman - Component krb5-libs added
Fri Feb 27 00:26:40 2004	jaltman - Version_reported 1.3.2 added
Fri Feb 27 00:26:40 2004	jaltman - Version_Fixed 1.3.2 added
Fri Feb 27 19:35:04 2004	raeburn - Correspondence added
From: raeburn@mit.edu Subject: CVS Commit * gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missed. To generate a diff of this commit: cvs diff -r5.431 -r5.432 krb5/src/lib/krb5/krb/ChangeLog cvs diff -r5.26 -r5.27 krb5/src/lib/krb5/krb/gic_pwd.c		Download (untitled) 223b
Fri Feb 27 19:35:58 2004	raeburn - Keyword 1.3.2 deleted
Mon Mar 15 15:43:36 2004	tlyu - Target_Version next changed to 1.4
Thu Mar 18 14:36:57 2004	hartmans - Keyword pullup deleted
Mon Nov 15 22:22:04 2004	tlyu - Version_Fixed 1.4 added