From bjaspan@MIT.EDU Mon Mar 17 12:28:35 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA02303 for <bugs@RT-11.MIT.EDU>; Mon, 17 Mar 1997 12:28:34 -0500
Received: from BEEBLEBROX.MIT.EDU by MIT.EDU with SMTP
id AA12880; Mon, 17 Mar 97 12:28:27 EST
Received: by beeblebrox.MIT.EDU (940816.SGI.8.6.9/4.7) id RAA09448; Mon, 17 Mar 1997 17:28:34 GMT
Message-Id: <199703171728.RAA09448@beeblebrox.MIT.EDU>
Date: Mon, 17 Mar 1997 17:28:34 GMT
From: bjaspan@MIT.EDU
Reply-To: bjaspan@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: kadm5_randkey_principal does not store old key in history
X-Send-Pr-Version: 3.99

>Number: 397
>Category: krb5-admin
>Synopsis: kadm5_randkey_principal does not store old key in history
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: bjaspan
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Mar 17 12:29:00 EST 1997
>Last-Modified: Sun Mar 01 21:47:01 EST 1998
>Originator: Barry Jaspan
>Organization:
mit
>Release: 1.0-development
>Environment:

System: IRIX beeblebrox 5.3 02091401 IP22 mips


>Description:

The current implementation of kadm5_randkey_principal does not store
the current key in the key history before replacing it with a new
random key. This means that a principal can randomize its password
and then re-select that password, getting around the password history.

Actually, I'm not convinced this really matters. Password history
without password minimum life is meaningless. If you have a pw
min_life, then randomizing your key really isn't practical, because
then you do not have a password to type for the duration of min_life.

So, perhaps the code should be fixed, or kadm5/api-funcspec.tex should
be updated not to say that randkey updates pw history. Not sure
which.

>How-To-Repeat:

>Fix:

>Audit-Trail:

From: Tom Yu <tlyu@MIT.EDU>
To: Barry Jaspan <bjaspan@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/397: kadm5_randkey_principal does not store old key in history
Date: Sun, 1 Mar 1998 21:46:44 -0500

`Tom Yu' made changes to this PR.

--- /tmp/gnatsa005GP Sun Mar 1 21:46:10 1998
+++ /tmp/gnatsb005GP Sun Mar 1 21:46:35 1998
@@ -16,7 +16,7 @@
>Synopsis: kadm5_randkey_principal does not store old key in history
>Confidential: no
>Severity: serious
->Priority: medium
+>Priority: low
>Responsible: bjaspan
>State: open
>Class: sw-bug
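
Review bot: the `>Priority:` line drops from medium to low with no reason recorded, while the `>Severity: serious` context line is left unchanged. A one-line rationale in the audit trail would let a later reader tell whether the downgrade was deliberate and why the two fields now disagree.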

>Unformatted:
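
The behaviour described under >Description:, as an added example that is not part of the original report and is not MIT krb5 code: a simplified Python model of a principal with a key history, comparing a randkey that skips the history update with one that performs it. The class, function names, the PBKDF2 stand-in for string-to-key and the `history_num` semantics are all assumptions made for illustration.

```python
import hashlib
import os

def string_to_key(principal, password):
    # Stand-in for a real Kerberos string-to-key function (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 1000)

class Principal:
    """Toy model of a principal whose policy keeps a history of old keys."""

    def __init__(self, name, password, history_num=3):
        self.name = name
        self.key = string_to_key(name, password)
        self.history_num = history_num  # old keys retained (assumed semantics)
        self.history = []               # old keys, newest last

    def _remember_current(self):
        # Push the current key into the history and trim to the policy size.
        self.history.append(self.key)
        self.history = self.history[-self.history_num:]

    def chpass(self, password):
        new_key = string_to_key(self.name, password)
        if new_key == self.key or new_key in self.history:
            raise ValueError("password reuse rejected by history")
        self._remember_current()
        self.key = new_key

    def randkey(self, store_old_key):
        # store_old_key=False models the behaviour the report describes.
        if store_old_key:
            self._remember_current()
        self.key = os.urandom(32)

def reuse_after_randkey(store_old_key):
    """Return True if the original password can be re-selected after randkey."""
    p = Principal("user@EXAMPLE.COM", "constructed-password-1")  # constructed values
    p.randkey(store_old_key)
    try:
        p.chpass("constructed-password-1")
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    print("history skipped on randkey, reuse allowed:", reuse_after_randkey(False))
    print("history updated on randkey, reuse allowed:", reuse_after_randkey(True))
```

The same two calls work as a regression check for whichever resolution is chosen: if the code is fixed, reuse after randkey must be rejected; if the documentation is changed instead, the first result is the documented behaviour.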