Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id CB55B57FB8; Fri, 21 Feb 2014 16:34:36 -0500 (EST) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s1LLYaCG031604; Fri, 21 Feb 2014 16:34:36 -0500 Received: from mailhub-dmz-1.mit.edu (mailhub-dmz-1.mit.edu [18.9.21.41]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s1LLXlJ4031465 for ; Fri, 21 Feb 2014 16:33:47 -0500 Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) by mailhub-dmz-1.mit.edu (8.13.8/8.9.2) with ESMTP id s1LLXVLF030633 for ; Fri, 21 Feb 2014 16:33:47 -0500 X-Auditid: 1209190d-f79776d000000ce9-42-5307c6396397 Authentication-Results: symauth.service.identifier; spf=pass; senderid=pass Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id C4.E1.03305.A36C7035; Fri, 21 Feb 2014 16:33:46 -0500 (EST) Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s1LLXjlw016023 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 21 Feb 2014 16:33:45 -0500 Received: from [10.10.50.194] (vpn-50-194.rdu2.redhat.com [10.10.50.194]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s1LLXivc024991 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Fri, 21 Feb 2014 16:33:44 -0500 Message-ID: <1393018423.23210.48.camel@localhost.localdomain> Subject: FAST not used for password change request From: Nathaniel McCallum To: krb5-bugs@mit.edu Date: Fri, 21 Feb 2014 16:33:43 -0500 Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-BY: MIMEDefang 2.68 on 10.5.11.22 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrPIsWRWlGSWpSXmKPExsVysWW7jK7VMfZgg56V1hYND4+zOzB6NJ05 yhzAGMVlk5Kak1mWWqRvl8CV0XnoGGtBJ1PFid7NTA2Mtxm7GDk5JARMJO7Mnc4KYjMKeEu8 uXqcHSIuJnHh3nq2LkYuDiGBE4wSN2Z/YYFwNjFJtP7sZYJwljJJXH78mAmkhVfAVuL/ke1g trCAkcSiI3NYQGw2AQOJrx86wWwRAVGJl3+PgdksAqoSs24dZgaxmQU0JVq3/wZazQE0R1Di 7w5hiLC8xPa3c5ghLtKWOLXxO/sERv5ZSDpmIXTMQtKxgJF5FaNsSm6Vbm5iZk5xarJucXJi Xl5qka6RXm5miV5qSukmRmDoCXFK8u5gfHdQ6RCjAAejEg+vQyp7sBBrYllxZe4hRkkOJiVR 3qI9QCG+pPyUyozE4oz4otKc1OJDjBIczEoivCqLgHK8KYmVValF+TApaQ4WJXHeWotfQUIC 6YklqdmpqQWpRTBZJg72Q4wyHBxKEryOR4G6BYtS01Mr0jJzSpDVcIIILpA1PEBrJEEKeYsL EnOLM9Mhik4xKkqJ87KBJARAEhmleXADYOniEqOslDAvIwMDgxAP0AVAj6PKv2IUB3pamJcL ZApPZl4J3PRXQIuZgBaXbGQFWVySiJCSamAsefSdcx1PNG/Cq4Q3U1UY7p5tCjh9ud+zqvV2 sPb5s/W3jGpNL115ZqDaUspo5Sjf+mHezvzqzyHKU0om1VxU7E/P062ynD7l8ozw8z9tqjNE Il6fsUo6dHh/nmerSprsgzWSC55t/Lz3zVq+OO07ZUx+hbrClbPEFqlluDy8OiG14anuyzwl luKMREMt5qLiRAB77FC4EgMAAA== X-Mailman-Approved-At: Fri, 21 Feb 2014 16:34:34 -0500 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu Content-Length: 260 When attempting to use perform authentication using FAST, if the principal's keys are expired, the password change request happens outside of FAST. This means that preauth methods which require FAST can't be used for user authentication when the keys expire.