Skip Menu |

Download (untitled) / with headers
text/plain 1.8KiB
From ghudson@MIT.EDU Wed May 13 12:43:29 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU []) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA04201 for <bugs@RT-11.MIT.EDU>; Wed, 13 May 1998 12:43:28 -0400
id AA29048; Wed, 13 May 98 12:43:12 EDT
Received: by (8.8.8/4.7) id MAA01208; Wed, 13 May 1998 12:43:11 -0400 (EDT)
Message-Id: <>
Date: Wed, 13 May 1998 12:43:11 -0400 (EDT)
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: des_read_pw_string in libdes425
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 590
>Category: krb5-libs
>Synopsis: des_read_pw_string() is not backward-compatible
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed May 13 12:44:00 EDT 1998
>Originator: Greg Hudson
Show quoted text
>Release: 1.0pl1

System: NetBSD 1.3.1 NetBSD 1.3.1 (ATHENA) #0: Mon Apr 27 17:21:42 EDT 1998 i386

Show quoted text
libdes425 is supposed to provide backward compatibility with the krb4
libdes. Unfortunately, des_read_pw_string() is not compatible; in
both MIT Kerberos and CNS, the fourth argument is a flag "verify"
(which verifies with a prompt "Verifying, please re-enter <first
Show quoted text
prompt>"). In libdes425, the fourth argument is a second prompt to
use when verifying, or NULL if verification is not to be done.
Show quoted text
Compile the CNS kpasswd against the krb4 compatibility libraries. Watch
it dump core.
Show quoted text
None provided, although it's fairly simple.
Show quoted text
We seem to have accidentally fixed this in the course of the KfM krb4
merge. Of course, it's now backwards-incompatible with older krb5
libdes425, but compatible with every other plain krb4 implementation out
there, I think.