RT RT/krbdev.mit.edu: Ticket #2296 Modify krb5_get_init_creds_password() to prevent duplicate queries to master KDC Signed in as guest.

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]


 The Basics  
0 min

 Keyword Selections  
  • krb5-libs
  • 1.3.2
  • 1.4
  • 1.4

Depends on:
Depended on by:
  • 2424: (epeisach) krb5_sendto_kdc passing improper argument to krb5_locate_kdc [resolved]

Refers to:
Referred to by:
  • 2370: (kenh) Fix missing case for get_init_creds API change. [resolved]
Created: Fri Feb 27 00:24:42 2004
Starts: Not set
Started: Fri Feb 27 00:24:44 2004
Last Contact: Fri Feb 27 19:35:06 2004
Due: Not set
Updated: Mon Nov 15 22:22:05 2004 by tlyu


 More about Jeffrey Altman  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

History   Display mode: [Brief headers] [Full headers]
      Fri Feb 27 00:24:42 2004  jaltman - Ticket created    
From: jaltman@mit.edu
Subject: CVS Commit

As discussed on the krbdev mailing list, krb5_get_init_creds_password()
suffered from a behavior in which it would unintentionally query a master
KDC twice if in fact the KDC queried when krb5int_sendto() was called
with use_master = 0 was in fact the master.  This resulted in more than
an additional protocol operation.  There were two negative side effects.
First, in the case of an incorrect password there would be two counts
against the max retry attempts.  Second, in the case of hardware pre-auth
and an expired password, the user would be asked to enter their expired
password twice before being told it was expired.

This has been fixed by changing the use_master parameter into an in/out
parameter and modifying krb5int_sendto() to indicate which KDC it received
the response from.  This allows the use_master parameter to be set to
indicate whether or not the response came from a master KDC regardless
of whether a master KDC was requested.

To generate a diff of this commit:

	cvs diff -r1.403 -r1.404 krb5/src/include/ChangeLog
	cvs diff -r1.157 -r1.158 krb5/src/include/k5-int.h
	cvs diff -r1.196 -r1.197 krb5/src/lib/krb4/ChangeLog
	cvs diff -r1.15 -r1.16 krb5/src/lib/krb4/send_to_kdc.c
	cvs diff -r5.430 -r5.431 krb5/src/lib/krb5/krb/ChangeLog
	cvs diff -r5.109 -r5.110 krb5/src/lib/krb5/krb/get_in_tkt.c
	cvs diff -r5.14 -r5.15 krb5/src/lib/krb5/krb/gic_keytab.c
	cvs diff -r5.25 -r5.26 krb5/src/lib/krb5/krb/gic_pwd.c
	cvs diff -r5.55 -r5.56 krb5/src/lib/krb5/krb/send_tgs.c
	cvs diff -r5.375 -r5.376 krb5/src/lib/krb5/os/ChangeLog
	cvs diff -r5.2 -r5.3 krb5/src/lib/krb5/os/send524.c
	cvs diff -r5.66 -r5.67 krb5/src/lib/krb5/os/sendto_kdc.c

Download (untitled) 1.6k
      Fri Feb 27 00:24:44 2004  jaltman - Tags pullup added    
      Fri Feb 27 00:24:44 2004  jaltman - Status changed from new to resolved    
      Fri Feb 27 00:24:45 2004  jaltman - Target_Version next added    
      Fri Feb 27 00:24:45 2004  jaltman - Requestor jaltman@mit.edu added    
      Fri Feb 27 00:26:39 2004  jaltman - Subject changed from [no subject] to Modify krb5_get_init_creds_password() to prevent duplicate queries to master KDC    
      Fri Feb 27 00:26:40 2004  jaltman - Component krb5-libs added    
      Fri Feb 27 00:26:40 2004  jaltman - Version_reported 1.3.2 added    
      Fri Feb 27 00:26:40 2004  jaltman - Version_Fixed 1.3.2 added    
      Fri Feb 27 19:35:04 2004  raeburn - Correspondence added    
From: raeburn@mit.edu
Subject: CVS Commit

* gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missed.

To generate a diff of this commit:

	cvs diff -r5.431 -r5.432 krb5/src/lib/krb5/krb/ChangeLog
	cvs diff -r5.26 -r5.27 krb5/src/lib/krb5/krb/gic_pwd.c

Download (untitled) 223b
      Fri Feb 27 19:35:58 2004  raeburn - Keyword 1.3.2 deleted    
      Mon Mar 15 15:43:36 2004  tlyu - Target_Version next changed to 1.4    
      Thu Mar 18 14:36:57 2004  hartmans - Keyword pullup deleted    
      Mon Nov 15 22:22:04 2004  tlyu - Version_Fixed 1.4 added