Ticket History #1488: Incorrect password error for principal with preauth is confusing

# Tue May 06 15:10:08 2003 hartmans (Sam Hartman) - Ticket #1455: - Ticket created

To:	krb5-bugs@mit.edu
Subject:	Return integrity error on bad password
Date:	Tue, 6 May 2003 15:10:04 -0400 (EDT)
From:	hartmans@MIT.EDU (Sam Hartman)

Download (untitled) / with headers
text/plain 123B

We should return an decrypt integrity error on bad password with
encrypted timestamp rather than just preauth failed.

# Wed May 14 13:42:14 2003 lxs (Alexandra Ellwood) - Ticket created

Subject:	Incorrect password error for principal with preauth is confusing
Cc:	eichin

Download (untitled) / with headers
text/plain 571B

The error for an incorrect password for principal with preauth is
confusing. krb5_init_creds_password returns KRB5KDC_ERR_PREAUTH_FAILED,
which translates to the string "Preauthentication failed". So a typical
kinit where the user types a bad password goes as follows (this is with
a 1.2.x kinit):

dragon-slave% kinit preauth@TESTV5-KERBEROS-1.2.0
Password for preauth@TESTV5-KERBEROS-1.2.0:
kinit(v5): Preauthentication failed while getting initial credentials

Needless to say, this is confusing and might dissuade the user from
trying to type their password again.

# Wed May 14 15:28:58 2003 hartmans (Sam Hartman) - Status changed from 'new' to 'resolved'

# Wed May 14 15:29:03 2003 hartmans (Sam Hartman) - Tags pullup added

# Wed May 14 15:29:08 2003 hartmans (Sam Hartman) - Target_Version 1.3 added

# Wed May 14 15:29:11 2003 hartmans (Sam Hartman) - Component krb5-clients changed to krb5-kdc

# Wed May 14 15:29:12 2003 hartmans (Sam Hartman) - Correspondence added

From:	hartmans@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 283B

Allow the KDC to return bad integrity errors to the client on preauth
failure. This will be translated by the client into password
incorrect.

To generate a diff of this commit:

cvs diff -r5.258 -r5.259 krb5/src/kdc/ChangeLog
cvs diff -r5.39 -r5.40 krb5/src/kdc/kdc_preauth.c

# Thu May 22 21:10:34 2003 tlyu (Taylor Yu) - Version_Fixed 1.3 added

# Thu May 22 21:10:34 2003 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 174B

pullup from trunk

To generate a diff of this commit:

cvs diff -r5.251.2.7 -r5.251.2.8 krb5/src/kdc/ChangeLog
cvs diff -r5.35.2.3 -r5.35.2.4 krb5/src/kdc/kdc_preauth.c

# Fri Jun 06 18:47:25 2003 tlyu (Taylor Yu) - Ticket #1455: - Ticket 1455 MergedInto ticket 1488.

# Wed Dec 16 18:02:40 2015 tlyu (Taylor Yu) - CustomField pullup deleted