Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
X-RT-Original-Encoding: iso-8859-1
Content-Length: 2636

From dgc@smack.uchicago.edu Wed Aug 25 16:50:37 1999
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28])
    by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA22075
    for ; Wed, 25 Aug 1999 16:50:32 -0400
Received: from smack.uchicago.edu by MIT.EDU with SMTP
    id AA10441; Wed, 25 Aug 99 16:50:28 EDT
Received: (from dgc@localhost)
    by smack.uchicago.edu (8.9.3/8.9.3) id PAA04183;
    Wed, 25 Aug 1999 15:50:27 -0500 (CDT)
Message-Id: <19990825155026.I11819@smack.uchicago.edu>
Date: Wed, 25 Aug 1999 15:50:26 -0500
From: David Champion
Reply-To: David Champion
To: krb5-bugs@MIT.EDU
Cc: network-security@uchicago.edu
Subject: kadmin enhancement req
X-Send-Pr-Version: 3.99

>Number: 742
>Category: krb5-admin
>Synopsis: kadmin does not exit with nonzero status
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Wed Aug 25 16:51:00 EDT 1999
>Last-Modified:
>Originator: David Champion
>Organization: University of Chicago
>Release: krb5-1.0.6
>Environment:
System: SunOS smack 5.7 Generic_106541-04 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libc.so.1 => /usr/lib/libc.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libmp.so.2 => /usr/lib/libmp.so.2
>Description:
kadmin does not exit with nonzero status upon failure of operations given with the -q option (or interactively, but that's not a big problem.) Specifically, our account management system needs to be able to send ank, modprinc, and cpw queries to create, enable/disable, and passwd principals.

kadmin should exit with nonzero status when these operations fail because of policy violations, bad passwords, or nonexistent principals.
>How-To-Repeat:
root# /opt/sbin/kadmin -p my_princ/actmgr@REALM -w "my unfortunately exposed password" -q "ank -policy default +requires_preauth -pw bad_password new_princ@REALM"
root# echo $?
0
root# /opt/sbin/kadmin -p my_princ/actmgr@REALM -w "my unfortunately exposed password" -q "modprinc -expire now -allow_tix nonexistent_princ@REALM"
root# echo $?
0
root# /opt/sbin/kadmin -p my_princ/actmgr@REALM -w "my unfortunately exposed password" -q "cpw -pw bad_password smack@UCHICAGO.EDU"
root# echo $?
0
>Fix:
Should be fairly evident....

--
-D. dgc@uchicago.edu System Administrator, etc etc. The University of Chicago, Inc.
>Audit-Trail:
>Unformatted:
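
Added example, not part of the original report and not MIT krb5 code: a shell wrapper an account-management script could use to get a usable exit status from "kadmin -q" while the client itself still returns 0, so that a failed disable or password change is not recorded as done. It assumes failures appear on stderr in com_err form ("<command>: <message> while <action>"); kadmin_checked and fake_kadmin are hypothetical names, and the stub's error text is constructed.

```shell
#!/bin/sh
# kadmin_checked CMD [ARGS...]
# Runs CMD, passes stdout through unchanged, and returns nonzero if CMD
# exits nonzero OR writes a com_err-style failure line to stderr.
# Assumption: failures look like "<command>: <message> while <action>".
kadmin_checked() {
    _err=$(mktemp) || return 2
    _rc=0
    "$@" 2>"$_err" || _rc=$?
    # Replay captured stderr so operators and logs still see the message.
    cat "$_err" >&2
    if [ "$_rc" -eq 0 ] && grep -Eq '^[a-z_]+: .+ while ' "$_err"; then
        _rc=1   # the client said "success" but reported an error
    fi
    rm -f "$_err"
    return "$_rc"
}

# Constructed stand-in for kadmin so the example runs offline. Like the
# behaviour in the report, it prints an error and still exits 0.
fake_kadmin() {
    case "$*" in
        *nonexistent_princ*)
            echo 'modify_principal: Principal does not exist while modifying "nonexistent_princ@REALM".' >&2
            ;;
        *)
            echo 'Principal "new_princ@REALM" modified.'
            ;;
    esac
    return 0
}

# Usage with the real client (credentials elided):
#   kadmin_checked /opt/sbin/kadmin -p ... -q "modprinc -expire now -allow_tix user@REALM" \
#       || echo "disable failed; account is still active" >&2
```
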